IT execs such as Emcor CIO Joseph Puglisi are being selective about their technology investments. PAGE 5

Users at a Web services conference said they need middleware to help ease management complexity. PAGE

Merchants Face Deadline For Data Safety

MasterCard, Visa impose new info security rules in effort to ease identity theft concerns

BY JAIKUMAR VIJAYAN

Companies that manage credit card information have just over a month to comply with new data-protection requirements being pushed by MasterCard International Inc. and Visa U.S.A. Inc. amid growing concerns about identity theft and fraud.

The Payment Card Industry Data Security Standard, or PCI, lists 12 items that retailers, online merchants, data processors and other businesses that handle credit card data will have to start meeting by June 1. The standard sets technology requirements such as the use of data encryption, end-user access control, and activity monitoring and logging. It also includes procedural mandates such as the need to implement formal security policies and vulnerability management programs.

The standard also requires companies to validate their compliance via a PCI-certified assessor either annually or quarterly, depending on their

Credit Cards, page 16

NYSE Merger Won’t Lead to IT Makeover

BY LUCAS MEARIAN

New York Stock Exchange Inc. last week agreed to merge with electronic trading exchange Archipelago Holdings Inc., marking the Big Board’s full embrace of e-trading.

But the deal — which coincided with a similar acquisition move by Nasdaq Stock Market Inc. — doesn’t mean the NYSE’s trading operations will get a rapid makeover via an influx of technology from

NYSE, page 16

Temporary CIOs are often brought in to fix messed-up IT departments - fast - before moving on. Find out what makes them tick. Page 39

Users Are Left Unclear About Microsoft’s Model Approach

Vendor pushes new management strategy

BY CAROL SLIWA

LAS VEGAS

Microsoft Corp. CEO Steve Ballmer proclaimed here last week that the software vendor’s 2-year-old Dynamic Systems Initiative has advanced from the vision stage to being “very, very real.”

But a dozen IT managers attending the Microsoft Management Summit were having a tough time getting their arms around the DSI strategy, which aims to help companies design and operate more manageable systems by making use of information about applications that is captured in models. The IT managers said they either don’t know what DSI is, are confused about the initiative or harbor skepticism about the model-based management approach that’s at its core.

“It’s a good concept if it works — but so was SMS, [and] it took them a few years to fix it,” said Jim Brown, a senior technical specialist at Minneapolis-based General Mills Inc. Brown was referring to Systems Management Server

Microsoft, page 51

MORE INSIDE

Microsoft has scrapped a plan to combine its management tools into a single product called System Center. Page 51

Nasdaq to Adopt Instinet’s Engine

BY LUCAS MEARIAN

Nasdaq Stock Market Inc. said Friday that it will standardize on Instinet Group Inc.’s electronic trade-matching technology as part of its planned acquisition of New York-based Instinet for $934.5 million in cash.

“They have the leading [electronic trading] technology on the planet,” Nasdaq CEO Bob Greifeld said during a press conference Friday afternoon. He added that Instinet’s matching engine offers response times of about 5 milliseconds on incoming trade orders.

Greifeld said synergies between the Nasdaq and Instinet technology infrastructures are expected to result in an annual savings of $100 million in the first three years after the deal is completed. He didn’t disclose further details, saying only that Nasdaq has “a clear plan that fits into our existing road map.”

Nasdaq spent $107 million to develop its own SuperMontage electronic order display and execution system, which went live in 2002. The homegrown technology will in all likelihood be scrapped as a result of the Instinet deal, said Jodi Burns, an analyst at Celent Communications LLC in Boston.

But she added that when SuperMontage was developed, Nasdaq needed it to compete against electronic exchanges such as Instinet and Archipelago Holdings Inc., which is due to merge with New York Stock Exchange Inc. in another deal announced last week.

Compared with the technology integration issues that the NYSE and Archipelago face, Nasdaq’s challenges in absorbing Instinet are much smaller, Burns said. “In general, Nasdaq is planning to use the Inet order-matching system, but its own quote and trade-reporting system won’t change,” she said.

Instinet’s electronic marketplace trades about 25% of the Nasdaq-listed volume daily. The acquisition agreement includes two side deals to sell off Instinet’s nontrading operations. Altogether, Instinet’s shareholders will receive $1.9 billion in cash.

Oracle Promises Best-of-Breed Approach on App Convergence

Says its Fusion project will utilize key features from different software lines

BY MARC L. SONGINI

NEWTON, MASS.

ORACLE CORP. last week held a series of customer meetings to shed some light on its plan to converge four business application suites, and executives said the vendor will work closely with its various user groups to cull capabilities from each product line.

That should enable the company to craft something akin to a best-of-breed suite, according to Oracle Co-president Charles Phillips. He said at a meeting held here that Oracle will use a service-oriented architecture approach to turn pieces of applications into components, enabling it to mix and match functionality from the different products.

Phillips also said that while Oracle’s own database and middleware will be the default software stack for the converged Fusion applications, the company will certify infrastructure software from rival vendors in some cases. For instance, IBM’s DB2 database will continue to be supported for users of the AS/400-based J.D. Edwards World applications that Oracle inherited when it acquired PeopleSoft Inc. in January.

Oracle had already announced much of what was discussed last week. And with the Fusion road map still evolving, users interviewed at the event and via telephone posed a variety of yet-to-be-answered questions.

Robert Robinson, business systems supervisor at Durr Industries Inc., a Plymouth, Mich.-based automotive supplier that runs the J.D. Edwards EnterpriseOne software for midsize companies, said he’s curious about how much input users will really have in “building this new beast.”

Robinson also questioned how much Oracle will enhance its current applications while developing the converged product line. “The smart user will trust what’s being said but verify,” he noted. “And we cannot verify until we hit [product rollout] mileposts.”

Another user with questions is William Gabby, North American operations manager at Cargill Inc.’s Global Financial Solutions business unit in Minnetonka, Minn. Gabby, a World user, said he wants to know if there is “a future for any of the existing product lines, or will the only option be Fusion?”

Underlying Fusion technology is due to start appearing this year, and Oracle plans to deliver the converged applications in 2008. But Phillips and John Wookey, Oracle’s senior vice president of applications, reiterated that the applications Oracle acquired when it bought PeopleSoft will be supported through at least 2013.

“I’m optimistic about the process that’s being undertaken by Oracle,” said James Whalen, CIO at Boston Properties Inc., a real estate development and management company in Boston.

Whalen, the president of the PeopleSoft International Customer Advisory Board, was a member of a user panel at the Oracle event. He said he expects Fusion to provide an improved application platform for users when it’s completed.

Doug Rademacher, another panelist, is CIO at American Power Conversion Corp., a West Kingston, R.I.-based manufacturer that runs Oracle’s E-Business Suite 11i applications.

“As an Oracle user, I’m not that concerned,” he said. “My question is, What do I get out of [Fusion], and will Oracle be distracted?”

But Rademacher added that, like Whalen, he’s optimistic about the outcome of the convergence effort. © 53948

“The smart user will trust what’s being said but verify. And we cannot verify until we hit [product rollout] mileposts.”
ROBERT ROBINSON, BUSINESS SYSTEMS SUPERVISOR, DURR INDUSTRIES INC.

ORACLE’S PHILLIPS: Fusion project will combine the best of four suites.

NEWTON, MASS.

CHARLES PHILLIPS, one of Oracle’s co-presidents, stressed at last week’s customer meeting here that Fusion encompasses more than a single product and that the rollout of the modular, Java-based applications will be an evolutionary process with no forced-march migrations for users.

As part of the Fusion project, Oracle plans to mix business process automation technology with business intelligence tools to allow a company using its software to see, for instance, whether a supplier was able to deliver an item on time in recent transactions.

As another example of what Oracle hopes to accomplish with Fusion, John Wookey, the vendor’s senior vice president of applications, pointed to a compensation tool in its E-Business Suite 11i software. The tool lets users manage employee compensation, including bonuses and stock options, and is similar to technology that PeopleSoft was working on before it was bought by Oracle.

Using service-oriented architecture tools, Oracle may enable PeopleSoft Enterprise users to exploit the 11i compensation management tool without having to scrap their investments in PeopleSoft’s human resources software, Wookey said.

Oracle has also said that it will allow customers to skip software versions when doing upgrades. A company could be several releases behind the most current version of an application but move directly to the latest one, a process that will continue with Fusion.

Among the most outspoken users have been J.D. Edwards World customers, whose green-screen applications run on IBM’s AS/400 systems. Phillips said Oracle remains “committed for the foreseeable future” to World, continues to sell licenses for it and is even considering adding CRM functionality.

Phillips added that Oracle has issued a playbook to help guide its salespeople on all of the company’s myriad products during meetings with prospective customers.

- Marc L. Songini

Web Services Users Seek Help From Middleware

Pin hopes for reduced complexity on use of enterprise service bus technology

BY HEATHER HAVENSTEIN

LOS ANGELES

As companies increase their use of Web services to integrate existing applications and build new ones, many are eyeing enterprise service bus (ESB) middleware technology to help reduce their management and routing burdens.

Nine IT managers at Gartner Inc.’s Application Integration and Web Services Summit here last week said they hope that ESBs will ease the complexity and cost of making Web services widely available across their systems.

For example, Ashiq Zaman, manager of the Kentucky state government’s Office of Technology, said he wants to invest in ESB technology to help manage the commonwealth’s Web services. The Web services expose data from back-end revenue and transportation systems running on mainframes to outward-facing Web applications based on .Net and Java. Kentucky residents can use the Web applications to pay taxes or renew their driver’s licenses online.

“This will open new possibilities for us,” Zaman said, adding that putting an ESB in between the different applications would also enable the state’s IT staffers to better manage the process of modifying the Web services.

Technology Options

An ESB typically encompasses messaging technology like the Java Message Service or IBM’s MQSeries middleware and supports Web services standards for transforming data formats, binding Web services together and routing them without having to write code to change interfaces.

“You want something in the middle that can translate and be transport-independent,” said Gartner analyst Roy Schulte. He added, though, that one of the biggest challenges is choosing the right ESB product.

Pure-play ESB vendors such as Sonic Software Corp. and Cape Clear Software Inc. are best for companies that plan to use a variety of application servers, because they’re designed to be vendor-neutral, Schulte said. The ESB offerings from vendors such as IBM and Oracle Corp. are best suited for users that are predominantly relying on their application servers, he said.

James Law, an applications programmer at the University of Michigan Health System in Ann Arbor, said the health care organization has just begun using Web services standards for integration purposes. But he believes that an ESB could help lower management costs because application and system-to-system messaging could be managed from one software stack. “Now we have messaging in one place and the application infrastructure in a separate silo,” Law said.

Chicago-based Health Care Service Corp., an insurance company that operates Blue Cross and Blue Shield divisions in Illinois, Texas and New Mexico, is looking for ESB middleware to handle the routing of a growing stable of Web services that automate tasks for health care providers, such as looking up the benefits provided by various plans.

Bob Holzer, a solution architect at the insurer, said that using an ESB to make Web services more widely available would help eradicate some of the current duplication of work by developers in different parts of the company.

Vendors are stepping up their efforts to meet the demand for ESB products. For example, IBM last week unveiled WebSphere MQ Version 6, which was designed to let users create ESBs from a single Eclipse-based workbench.

In addition, users can now more easily turn MQSeries messages into Web services, said Scott Cosby, IBM’s WebSphere product director. The new software is due for general release on May 24. © 53953

An Enterprise Service Bus:

Acts as an intermediary layer of middleware through which a set of reusable business services can be made widely available to users.

... that handles routing and orchestration of services, plus business rules and quality-of-service capabilities.

... of message payloads in order to aggregate services.

Can send persistent messages to queues and retry operations when failures occur.


Economic Concerns Lead To Selective IT Spending

BY THOMAS HOFFMAN

The weak financial results reported for the first quarter by some technology vendors, including IBM and Sun Microsystems Inc., suggested that corporate users might be pulling back on their discretionary IT spending.

But other major vendors had strong quarters. And while some IT executives last week confirmed that economic uncertainties have led them to postpone some systems upgrades and new IT investments, other users and analysts said the current pattern is more indicative of a spending “microclimate” in which companies are simply being more selective about their technology spending.

“Our company is in an industry that’s a lagging indicator of the economy, so we’re kind of laying back” on making new IT investments, said Joseph Puglisi, CIO at Emcor Group Inc., a Norwalk, Conn.-based mechanical and electrical systems contractor.

Although Emcor continues to expand its use of Oracle Corp.’s One World XE ERP software and has just launched an identity management project to boost its IT security, “we’re not ready to undertake any major programs for the time being,” Puglisi said. “We’re just doing what’s needed and making investments where there’s clear returns.”

One company that has throttled down its IT spending in response to renewed economic concerns is pharmaceutical maker Wyeth. Even though the Madison, N.J.-based company last week reported 44% profit growth year over year for the first quarter, it has decided to postpone its PC and server replacement plans for this year “due to the overall financial environment,” said CIO Bruce Fadem.

Wyeth normally replaces its PCs every three years and upgrades its servers every three to five years, according to Fadem. “We’ve pushed them all out another year for the time being,” he said.

Ian Campbell, CEO of Nucleus Research Inc. in Wellesley, Mass., said he doesn’t expect many companies to reduce their IT budgets as a result of the current economic instability.

But Campbell added that he is seeing a shift away from committing tens of millions of dollars to large IT projects in favor of emphasizing smaller-scale deployments that can deliver more-focused returns on investment.

Howard Rubin, an analyst at Gartner Inc., said he has observed increased IT spending by companies this year in areas such as security and storage technologies that are needed to support Sarbanes-Oxley Act compliance initiatives. But that isn’t enough to end the four-year run of sluggish IT spending, he added.

With uneven economic growth overall, “companies will be as frugal as they need to be with IT spending,” Rubin said. “It’s not a happy time.”

Of course, IT spending varies from one company to another. At Schneider National Inc., for example, spending is up 15% year over year, said Bob Grawien, vice president of application development and business intelligence at the Green Bay, Wis.-based transportation provider. Grawien said the increase is being driven by a mix of internally developed systems and new implementations of off-the-shelf software. © 53935

U.S. Land Agency Shutters Web Site

The Bureau of Land Management has again shut down its Web site because of concerns about the security of its IT systems. A spokeswoman for the BLM said that the site was turned off April 8 after a systems audit by the U.S. Department of the Interior’s inspector general “revealed potential weaknesses.” She declined to say when the agency expects to restore the Web site, which has been shut down several times since late 2001.

Cisco Pushes Back Against Juniper

Responding to gains by rival Juniper Networks Inc. in the market for carrier-class networking equipment, Cisco Systems Inc. said the XR version of its routing software will become available on its 12000 Series routers in June. The XR software currently supports only Cisco’s high-end CRS-1 systems. Cisco is also upgrading the software that runs on its 7600 Series routers.

Microsoft to Tie IM To Mobile Devices

Microsoft Corp. announced plans to extend its Live Communications Server 2005 instant messaging and collaboration software to mobile devices, via a Windows Mobile-based client that’s due for beta-testing in the second half of the year. Microsoft said the mobile software’s user interface will be similar to the one in Office Communicator 2005, the PC messaging client for LCS.

Short Takes

A U.S. judge in Baltimore dismissed a lawsuit filed against MICROSOFT by several California cities and counties but gave them permission to amend the antitrust portion of their claims. ... MCI INC. last week pledged to restore network services to users within 3.5 hours of a failure.

Tenacious Spyware Slips Past Weak ...

... defenses offered by current technologies. Most antispyware tools apply a range of protections, such as URL filtering or signature analysis, but they catch less than 40% of the spyware that sneaks onto corporate computers, according to tests reported on SpywareWarrior.net. The study, done last fall, showed that even the best scanners overlook more than one-fourth of the spyware on PCs. Blue Coat Systems Inc. in Sunnyvale, Calif., claims that its upcoming Spyware Interceptor appliance can dramatically improve your defense efforts. Chris Harget, a Blue Coat product manager, says the company has already surveyed 7.3 million Web sites to determine which ones carry spyware, be it knowingly or unknowingly. Blue Coat’s engineers found “tens and tens of thousands of sites” rife with the pesky programs, Harget says. Interceptor will let end users navigate to a spyware-tainted site but doesn’t allow the malware to slip through to their computers. It also recognizes when executable code has been hidden in a nonexecutable file such as a JPEG and stops the nefarious program from firing up. And because mobile users often pick up spyware outside the corporate network, Interceptor can stop the performance-sucking programs from contacting their home Web sites to report on what they have learned from infected machines. The appliance can handle 100 to 1,000 PCs on a network and is priced at $2,295, plus a subscription fee that starts at $695 for 100 users. It’s due to ship on May 31.

67%: IDC’s estimate of PCs loaded with spyware.

Intercept spyware on your net.

Predict an application’s performance ...

... before you unleash it on your network. Software modeling technology that HyPerformix Inc. in Austin plans to release this week promises to help IT managers “predict the impact of change” that a new application will bring to a network, says CEO Noel Barnard. She notes that the Performance Designer tool can predict response times from an end user’s perspective by applying more than 1,700 templates of the possible infrastructure configurations that applications will work within. You pick the appropriate template and run your code through its paces in a virtual IT world. Companies engaged in application consolidation work will particularly benefit, Barnard claims. Pricing starts at $100,000.

Track VoIP performance in real time ...

... to determine where the hang-ups are. With the ClearSight Distributed Analyzer, you can literally watch how your end users’ voice-over-IP conversations are going. “The real-time flow of conversation views are broken down into a time-ladder diagram,” says Bill Berkman, CEO of ClearSight Networks Inc. in Fremont, Calif. He means that the diagram visualizes step by step how data packets move across the wire. A technician can even replay conversations to analyze faulty VoIP connections. The $6,500 software, available this week, can also analyze security protocols such as Kerberos and decode IPv6 packets.

Application availability is all about ...

... money, ultimately. So later this quarter, Fidelia Technology Inc. in Princeton, N.J., will update its NetVigil Containers software to estimate the direct financial cost of down or debilitated applications. Fidelia President Vikas Aggarwal says NetVigil lets you create so-called application containers that include all aspects of your IT infrastructure — network availability, database response time, server CPU utilization and more. Fidelia’s Data Gathering Engines keep track of the performance and availability of up to 1,000 devices apiece and feed the data into your containers. At a glance, a sysadmin can see whether there’s a problem and where it originated. In the upcoming release, NetVigil will let you apply monetary values to each container. Aggarwal says that knowing the true cost of troubled apps will help IT “prioritize which applications are more important and which ones to fix first.” Or, perhaps admins will ask their chief financial officers to set the priorities. Pricing for NetVigil starts at $40,000.

Telecommuter PCs down? No problem ...

... so long as it’s the first week of August. The Branford, Conn.-based PC-Turnoff Organization is urging families to turn off their home computers from Aug. 1-7 this year. “Overuse of the computer shares many of the same negative effects of too much television,” the group claims. Such as? Creating fat kids who sit around all day sipping Jolt and munching Twinkies while mousing their way to unsavory areas of the Web. Noble idea or nonsense? Can’t say. But the real question is: Will corporate IT declare a PC-Turnoff Week? Please? © 53908





NEWS 


www.computerworld.com 


COMPUTERWORLD April 25, 2005


Cybersecurity Monitoring Center Begins Pilot Project

Sensors on corporate networks will track intrusions, forward data to feds


BY  TODD  R.  WEISS 

PHILADELPHIA 

A cybersecurity monitoring organization that was set up two years ago as part of a private/public partnership opened its operations center at the University of Pennsylvania last week and said it has launched a pilot project involving about 30 companies.

The Cyber Incident Detection Data Analysis Center (CIDDAC) will install specially built sensor devices on the networks of participating companies. The sensors will automatically report attacks to CIDDAC, which will evaluate the intrusion data and pass it on to law enforcement agencies and the participating companies without identifying the one that was attacked.

Charles “Buck” Fleming, executive director of CIDDAC, said companies that are victims of IT security attacks aren’t always willing to share their information with the government.

“Companies don’t want the FBI looking at their information, even if they’re not doing something wrong,” he said. “Privacy, trust and anonymity are absolute essentials for the private sector to participate. And without the private sector, there is no program.”

The initial 30 participants, which aren’t being identified for security reasons, will pay about $10,000 each for the installation of the sensors plus one year of monitoring and incident reports.

John Chesson, a special agent at the FBI in Philadelphia, said the sensors are “hardened honeypots” that aren’t connected to any actual corporate systems but appear to intruders to be just another machine on a network.

Brian Schaeffer, a member of CIDDAC’s board and the chief technology officer at Liberty Bell Bank in Cherry Hill, N.J., said he thinks that the new program adds an important weapon for defending systems against attacks.


Schaeffer said intrusion data is currently collected on a company-by-company basis, making it less useful in cases of large-scale attacks. “If I can get some intelligence on another financial institution and how they are being attacked and what they are doing to defend themselves, that’s more likely to help me,” he said.

According to CIDDAC, law enforcement officials will be able to use the intrusion data to compile attack signatures, which could help investigators identify and neutralize cybersecurity threats more quickly.

Shawn Henry, an assistant special agent at the FBI, said enforcement agencies also hope to use the data to prevent future attacks instead of just reacting to incidents.

Fleming said CIDDAC expects to be fully operational by year’s end. The pilot project, which has been in the planning stages for two years, is being funded through a $200,000 grant from the U.S. Department of Homeland Security and is getting support from the FBI. © 53957


Iobi Enterprise

Verizon Communications Inc.

■ PRODUCT SUMMARY: Verizon last week announced an enterprise version of software that lets users receive phone calls, e-mail and instant messages through a single Web-based portal. The Iobi Enterprise tools give workers real-time remote control of phone traffic, messaging alerts and other communications capabilities. For example, users who are away from their offices can check calls and forward the ones they want to take to devices that are within their reach.

The software can be accessed through a PC client, Web browser or voice portal and initially is aimed at companies that use Centrex voice services. Support for private branch exchange systems will be added later this year.

Verizon rolled out Iobi offerings for home and small-business users last August, but it took longer than expected to release the enterprise version because it needed more-robust capabilities, said Ian Forrest, manager of Iobi Enterprise services.

■ USER EXPERIENCE: Neal Sturm, CIO at Fairleigh Dickinson University in Teaneck, N.J., has beta-tested Iobi Enterprise for the past year, and about 30 of his IT staffers have been using it for the past 90 days. He said he likes the flexibility that the software gives him.

“I’m the kind of person, like most technology people, who enjoys having the ability to be in contact with people and also to control that contact,” Sturm said. He noted that he can put people he needs to speak with on an exceptions list that Iobi Enterprise uses to immediately put their calls through, while less-important calls and messages are routed to co-workers or into voice mail.

■ ANALYST ASSESSMENT: Wu Zhou, an analyst at IDC in Framingham, Mass., said Iobi Enterprise has potential because it lets companies use existing copper phone lines and telecommunications infrastructures. The challenge for Verizon will be to convince corporate users that the software has benefits beyond how cool it is to techies, she added. “They have to hunker down and figure out how they can communicate this to [prospective users],” Zhou said.

■ OTHER VENDORS IN THE MARKET: Siemens Information and Communication Networks Inc., Mitel Networks Corp. and Nortel Networks Ltd.

■ PRICING: $7 to $8 per user on a monthly basis.

■ AVAILABILITY: Iobi Enterprise is available now from Virginia to Maine, where Verizon provides Centrex services. It will be offered in additional areas later this year. © 53926


Security Forum’s Demise Doesn’t End Call for Help

PRIVATE-SECTOR participation remains key to fostering better IT security practices in federal agencies. That’s the verdict from both sides in the wake of a decision earlier this month to pull the plug on the CISO Exchange, a forum that was set up in February to promote information sharing between private-sector security professionals and government IT managers.

Amit Yoran, a former director of the National Cyber Security Division at the U.S. Department of Homeland Security, said last week that the idea behind the CISO Exchange is a good one and still needs to be pursued.

“If you really want to know what is going on, your best data points are going to come from the private sector,” said Yoran, who now works as an independent consultant.

He added that despite misgivings over the possible influence peddling by vendors that led to the exchange’s abrupt demise, federal chief information security officers shouldn’t pull back from working with corporate security professionals - including those who work at vendors.

One example in which such participation has yielded substantial benefits is the widely used Common Vulnerabilities and Exposures database, which is maintained by The Mitre Corp. in partnership with the government and various vendors, Yoran said.

The CISO Exchange was the right idea with the wrong approach, said Forrester Research Inc. analyst Michael Rasmussen. He added that the focus should instead be on enabling information sharing between government CISOs and their corporate counterparts.

The exchange was created in response to the dismal overall showing by federal agencies on the 2004 computer security report card released by the House Government Reform Committee in February [QuickLink 52707].

U.S. Rep. Tom Davis (R-Va.), who is chairman of the Government Reform Committee, said when he announced the formation of the CISO Exchange that it would help agencies boost their security grades.

But a spokesman for Davis said the membership fees that vendors would pay to fund the exchange raised concerns about its propriety.

“It evolved in a way that he neither anticipated nor was comfortable with,” leading Davis to withdraw his support for the exchange, the spokesman said.

The CISO Exchange was promoted and managed by Steven O’Keefe, principal of O’Keefe & Co., a public relations firm in McLean, Va.

“The program was somewhat mischaracterized,” O’Keefe said. “There wasn’t sufficient focus on what was going to be accomplished.” He added that similar forums have been organized by other public-sector companies.

- Jaikumar Vijayan


NEW  PRODUCT 


Verizon  Software  Links 
Voice,  Messaging 
Adobe Agrees to Buy Macromedia

Adobe Systems Inc. said it plans to buy San Francisco-based Macromedia Inc. in a stock-swap deal that will give Adobe control of technologies such as Flash, Dreamweaver and ColdFusion. Analysts said the acquisition will position San Jose-based Adobe to compete against Microsoft Corp. in areas such as document management and the development of rich-media applications.


Lucent Merges Its Product Operations

Lucent Technologies Inc. said that its wireless and fixed-line network equipment units are being combined into a single group. “The greatest near-term opportunity is wireless,” Lucent CEO Patricia Russo said, adding that the market for fixed-line gear remains challenging. Murray Hill, N.J.-based Lucent reported a 6% revenue increase year over year for the first quarter.


WRQ, Attachmate To Be Combined

The investment group that bought Seattle-based WRQ Inc. in December said it plans to buy Bellevue, Wash.-based Attachmate Corp. and merge the rival vendors of software for accessing legacy applications. The combined company will have annual revenue of more than $200 million and be headed by Jeff Hawn, who now is WRQ’s chairman. Financial terms weren’t disclosed.


Short Takes

The MOZILLA FOUNDATION has updated the Firefox Web browser in an effort to plug nine security holes, three of which were rated “critical.” . . . SIEBEL SYSTEMS INC. will pay new CEO George Shaheen an annual salary of $1 million, the same amount it was paying ousted top executive J. Michael Lawrie.


Unisys  Offers  Long-Distance  Fail-over 


Rollout  launches 
on-demand  effort 


BY  PATRICK  THIBODEAU 

UNISYS CORP. last week released a business continuity system for its Intel-based ES7000 Windows servers, saying that the technology will allow fail-over to a backup site thousands of miles away and recovery within 30 minutes.

The system, called SafeGuard 30m, is the first in a series of offerings that Unisys officials said will be released in the coming months under the company’s broad Real-Time Infrastructure initiative, also announced last week. RTI, which is philosophically similar to the on-demand and adaptive computing concepts advocated by other IT vendors, will include tools for infrastructure management, consolidation, modeling and migration.

SafeGuard 30m leverages Microsoft Corp.’s clustering software, but Unisys added its own software and hardware to create a turnkey system intended to address one of the challenges of long-distance data replication.

Business continuity systems often use synchronous data transfers at the disaster recovery site, but network latency limits synchronous transfer distances to about 300 kilometers, or 186 miles. Unisys said its approach also permits asynchronous transfers that mitigate data loss over long distances by adding disk-writing appliances and monitoring capabilities. Depending on the size of the deployment, SafeGuard 30m costs $200,000 to $1.2 million, Unisys said.


Fast Enough

One ES7000 user, Larry Godec, CIO at First American Title Insurance Co., said he’s already using EMC Corp.’s Symmetrix Remote Data Facility software to replicate data from First American’s headquarters in Santa Ana, Calif., to a data center in Dallas. EMC’s technology also supports both synchronous and asynchronous replication. “I’m not sure how Unisys could offer anything faster,” Godec said.

Unisys said the RTI suite will include features such as dynamic provisioning and virtualization. But what Larry Mueller, director of information systems operations for the Montebello Unified School District in California, really wants is for Unisys to improve the vertical scalability of the ES7000, which he runs with 16 processors.

Mueller said multiple applications running on one instance of Windows Server 2003 Datacenter Edition sometimes conflict. That forces him to separate the applications into partitions and run another instance of the operating system.

The RTI road map doesn’t include the huge installed base of the vendor’s older product lines. But separately, Unisys has an ongoing effort to help users modernize their ClearPath mainframe systems, which run the OS 2200 and MCP operating systems.

Greg Schweizer, a lead developer and systems administrator at Oregonian Publishing Co. in Portland, is upgrading the newspaper’s ClearPath-based circulation system by adding a Unisys middleware layer and Web server to deliver the application to browsers. The project reduces costs, he said, because instead of the company paying for dedicated terminals and phone lines, circulation workers can access the system over any Internet connection.

Unisys officials have promised that the company will continue to support its legacy systems, and Schweizer said he believes that will be the case. But he expressed concern about the company’s financial performance: Unisys this month reported a first-quarter net loss of $45.5 million, as revenue fell 7% year over year. © 53951


SafeGuard 30m

WHAT IT OFFERS: Recovery of information in less than 30 minutes and support for long-distance data replication.

RIGHT NOW: The disaster recovery product is limited to ES7000 servers and Windows.

UPCOMING: Support for other Intel-based boxes and Linux (no timetable specified).


MORE  THIS  ISSUE 

Get  10  tips  for  improving 
your  disaster  recovery  plan. 
Unisys Takes Turnkey Approach, Exec Says


LEO DAIUTO, president of systems and technology at Unisys, spoke with Computerworld last week about the company’s Real-Time Infrastructure initiative and its overall technology direction. Excerpts follow:

Many enterprise vendors are pushing a technology approach similar to RTI. How do you distinguish yourself from Hewlett-Packard, Sun Microsystems, IBM and some of the other vendors?
In general, there’s no doubt that HP, IBM and ourselves are all playing in the same market. What we think we’re doing to separate ourselves a little bit differently is we’re also going to introduce a new series of products that we believe will allow customers to save time and money in solving some of their problems - by taking the technology that we have, some from third parties, integrating it and testing it, and really pointing it at a specific IT problem, and having it set up and running in a couple of weeks.

Is that more of an out-of-box, set-it-up-yourself approach?
Take, for instance, the SafeGuard 30m. The idea is that it’s a turnkey solution. It’s comprised of hardware, software and services, to a point, to make this a viable product. We’re trying to get this to be more of a high-volume, simplified solution.

The RTI initiative seems to be largely built around Microsoft’s software and your ES7000 servers. What are you doing for users of your ClearPath systems?
That’s a whole different market and different [user] base. Our primary effort in the ClearPath space is an overall modernization program. With our most recent introduction of J2EE capabilities for ClearPath, it actually allows a native J2EE program to run on MCP and OS 2200.

What’s the future of the MCP operating system?
MCP, as well as OS 2200, really just becomes core code running a variety of applications while integrating in with the open aspects of Linux as well as Windows. It really just becomes an OS within an OS. The future is to keep the benefits that we have in MCP and use that to differentiate ourselves in the world while we surround that with all the open aspects so it doesn’t look like it’s locked in like an old mainframe.

Is there an end-of-life road map looming for MCP?
No - don’t see it at all.

- Patrick Thibodeau


READ  MORE  ONLINE 

Go  to  our  Web  site  for  the  full 
interview  with  Leo  Daiuto: 
Amazon, U.K. Retailer Cut E-commerce Deal

Amazon Services Europe SARL, Amazon.com Inc.’s new European IT services unit in Luxembourg, last week announced that it will provide e-commerce technology and hosting services to London-based Marks and Spencer PLC, one of the U.K.’s largest retailers.

Amazon.com provides similar services in the U.S. to retail Web sites such as Target.com, Toysrus.com and Borders.com. Amazon Services Europe will provide the technology behind the Marks and Spencer Web site as well as its in-store, telephone and customer service systems. Financial terms of the deal weren’t disclosed.

Marks and Spencer’s existing Web site gets more than 24 million visits per year, “but our e-commerce and customer ordering capabilities have yet to reach their full potential,” Steven Sharp, the retailer’s director of marketing and e-commerce, said in a statement. The first phase of the contract with Amazon is expected to produce an integrated ordering service by mid-2006 for in-store, online and telephone channels, the two companies said.


Wi-Fi Hot Spot Placed Near the North Pole

LONDON

Two employees from Intel Corp.’s Moscow office have installed what may be the world’s most northerly Wi-Fi hot spot, 130 kilometers from the North Pole, the company announced on April 14. The hot spot was deployed in the Arctic region’s Barneo camp, a temporary tent complex for scientists and expeditions that’s located on a drifting block of ice at the 89th parallel north.

The Intel employees put an 802.11b/g access point inside the camp’s headquarters and set up a wireless LAN using four laptops equipped with the company’s Centrino mobile technology. One of the laptops was placed outside and connected to a satellite phone to provide Internet access.

The equipment survived the cold — the air temperature at the camp rarely rises above -30 degrees Celsius — and worked reliably, according to Intel installer Vsevolod Sementsov. The main problems were short battery life and what Sementsov described as “backseat drivers.”

■ SCARLET PRUITT, IDG NEWS SERVICE


Munich Taps Debian Linux for Desktops

DUSSELDORF, GERMANY

The city of Munich announced on April 15 that it will use the free Debian distribution of Linux instead of a commercial version for its move from Windows NT to the open-source operating system on 14,000 desktop PCs.

The municipality selected Softcon AG and Gonicus GmbH, two German IT services firms that submitted a joint bid, to install and support the Debian software. The so-called LiMux project is expected to be completed by the end of 2008.

There was a high level of participation in the bid process, which showed that Linux on the desktop is no “exotic solution,” said Peter Hofmann, LiMux project manager at the Munich government’s data processing center, in a statement. © 53900

■ JOHN BLAU, IDG NEWS SERVICE


Compiled  by  Mitch  Betts. 


Briefly  Noted 

IBM, which reported disappointing first-quarter results [QuickLink 53834], is expected to announce a major restructuring in Europe by the end of June. That will include laying off thousands of employees, closing certain operations in Western Europe and moving some operations to Eastern Europe, according to sources familiar with the plan. IBM officials declined to discuss details of the expected restructuring.

■ LAURA ROHDE, IDG NEWS SERVICE


Fujitsu Services Ltd., based in London, earlier this month announced that it won a £170 million contract ($326 million U.S.) to manage desktop computing support for more than 70,000 employees at U.K. banking company Lloyds TSB Group PLC. Under the five-year deal, the bank will transfer 300 IT staffers to Fujitsu.


Hewlett-Packard Co. said that it plans to invest $50 million in a business process outsourcing center in Wroclaw, Poland. The center will open this week.

■ SCARLET PRUITT, IDG NEWS SERVICE


GLOBAL  FACT 


The  year  the  Asia-Pacific 
region  will  surpass  North 
America  in  the  number 
of  professional  software 
developers. 

SOURCE:  PROJECTION  BY  IDC, 
FRAMINGHAM,  MASS. 


Opteron  Goes  Dual-Core, 
But  Dell  Still  Isn’t  Buying 


BY  TOM  KRAZIT 

Advanced Micro Devices Inc. last week again beat Intel Corp. to market with cutting-edge technology, announcing two series of Opteron CPUs with a pair of processing cores on a single chip. But while Hewlett-Packard Co., IBM and Sun Microsystems Inc. said they plan to use the dual-core devices in servers, Dell Inc. remains an Opteron holdout.

During a meeting with financial analysts in Austin earlier this month, Dell executives reiterated that the company plans to remain an Intel-only vendor, at least for now.

Dell flirted with AMD last year, as Intel foundered with manufacturing missteps and product road map detours. But Intel has stabilized its chip development plans since last November, according to analysts, and Dell has eased back on its AMD-friendly rhetoric.

Jeff Clarke, senior vice president in charge of Dell’s enterprise products, said in an interview with Computerworld in February that the company was standing by Intel on processors [QuickLink 52665]. At the analyst meeting this month, Clarke noted that Dell had seen only “marginal increases” in demand for AMD’s chips from customers.

University of Buffalo professor Russ Miller, who runs the school’s Center for Computing Research, cited problems with the bus architecture design for Intel’s upcoming dual-core Xeon processors as one reason why Opteron is an alluring option for high-performance computing users as well as some business customers. The Intel chips will share a bus connection to the memory in servers, which could affect performance on applications that require fast shuffling of data to and from memory.

Miller said that in conversations with Chairman Michael Dell and other Dell executives, he has expressed his satisfaction with the company’s engineering and sales teams. But he also told them of his desire for an Opteron-based server from Dell. “We don’t see an option from Dell,” Miller said. “But we know this is important to our industry.”

Intel isn’t expected to release its dual-core Xeon processor until early 2006. However, Dell executives noted that adopting AMD as a supplier would increase the computer maker’s operating costs because it would need to set up new development and testing teams. Using Opteron also could affect the pricing deals that Dell gets from Intel in return for its fidelity.

“If Dell were to offer [Opteron systems], that’d be great,” said Chris Ruffieux, vice president of technology at Gannett Media Technologies International in Norfolk, Va. “But if it’s going to cause the prices of other things I’m buying from Dell to go up, I’d rather have it stay the same.”

Dell and Alienware Corp. last week began shipping PCs with Intel’s first dual-core processor, the Pentium Extreme Edition 840. The fact that both AMD and Intel launched their initial dual-core products in the same week “is pretty amusing,” said Kevin Krewell, editor in chief of Microprocessor Report in San Jose. “They’re fighting tooth and nail.” © 53954


Krazit  writes  for  the  IDG 
News  Service. 
Credit Cards

transaction levels. Banks that issue credit cards will be responsible for ensuring that companies comply with PCI and could face up to $500,000 in fines per incident if data is compromised.

The PCI standard aligns and builds on the separate security requirements that both MasterCard and Visa had prior to December 2004, said John Verdeschi, MasterCard’s vice president of e-business and emerging technologies. It’s designed to offer a common approach for protecting credit card data across both brands, he said.

Other card companies, including American Express Co. and Diners Club International Ltd., have also endorsed the PCI standard, he added.

Complex Requirements

“The good part about the program is that it provides good guidelines and standards of conduct,” said Todd Mazurek, vice president of strategic planning at Tickets.com Inc., a Costa Mesa, Calif.-based provider of ticketing services for live events.

But complying with some of the PCI provisions could be difficult for midsize and small merchants, Mazurek warned. One example is the requirement that merchants record and keep track of all activity involving access to information about cardholders.

“That’s a lot of information that you need to track,” Mazurek said. “Doing that in a manner that doesn’t impact your responsiveness is somewhat tricky.”

OshKosh B’Gosh Co. is working with the vendor of its point-of-sale software to bring approximately 600 POS systems in 170 stores into compliance with PCI, said Jon Dell’Antonia, CIO at the Oshkosh, Wis.-based clothing retailer.

“It really involves what data you capture and forward when you scan a credit card in stores,” Dell’Antonia said. The company is also evaluating what other changes it needs to make to comply fully with the standard, he added.

Jelly Belly Candy Co. is doing a similar evaluation of its Web site operations to see what compliance-related issues it might need to address, said Gary Praegitzer, a security specialist at the Fairfield, Calif.-based candy maker.

“It’s a good thing to have a list of things to check off to see if we are following guidelines,” Praegitzer said. He added that Jelly Belly is using Qualys Inc., its vulnerability assessment service provider, to scan and audit the site. Redwood Shores, Calif.-based Qualys offers a MasterCard-certified testing process that features self-service compliance assessment and reporting.

The Digital Dozen

VISA AND MASTERCARD’S NEW DATA PROTECTION RULES

BUILD AND MAINTAIN A SECURE NETWORK
Install and maintain a firewall configuration to protect data.
Do not use vendor-supplied defaults for system passwords and other security parameters.

PROTECT CARDHOLDER DATA
Safeguard stored data.
Encrypt transmission of cardholder data and sensitive information across public networks.

MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM
Use and regularly update antivirus software.
Develop and maintain secure systems and applications.

IMPLEMENT STRONG ACCESS-CONTROL MEASURES
Restrict access to data by business need to know.
Assign a unique ID to each person with computer access.
Restrict physical access to data about cardholders.

REGULARLY MONITOR AND TEST NETWORK SECURITY
Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.

INFORM EMPLOYEES ABOUT SECURITY POLICIES
Maintain a policy that addresses information security.

The PCI requirements reflect an effort to staunch the growing costs associated with credit card fraud and security-related card replacements, said Michael Dahn, a senior adviser at Ambiron LLC, a Chicago-based provider of security services for the payment processing industry.

For example, companies will need to encrypt or otherwise mask credit card information that may be stored on POS systems, Dahn said. Currently, many retailers store credit card information on such systems for periods of up to a month for backup or settlement reasons, he noted.

Under PCI, it would be an “egregious violation,” subject to steep fines, for companies to store unencrypted credit card data on POS systems, Dahn said. © 53943
NYSE

Chicago-based Archipelago, according to officials at the two exchanges.

Steve Rubinow, Archipelago’s chief technology officer, said that while the two exchanges will likely learn a lot from each other’s vastly different technology infrastructures, their IT departments will remain separate and their systems will run in parallel for the foreseeable future.

The two IT teams will have a close working relationship, Rubinow said, but he added that “the nature of that working relationship has yet to be spelled out.” As for the future of the two trading approaches, “it’s really up to what customers want to do,” he said. “They’ll help us determine what the future of all these systems will look like.”

Different Strategies

The separate paths planned by the NYSE and Archipelago contrast with the technology integration strategy that Nasdaq outlined for its proposed acquisition of Instinet Group Inc.’s electronic exchange.

The addition of Instinet’s trade-matching engine should make “our technological platform more competitive,” Nasdaq CEO Bob Greifeld said. Nasdaq also noted that it expects Instinet’s technology to help it realize “significant savings.” (For more details about the Nasdaq/Instinet deal, see At Deadline on page 4.)

The NYSE’s postmerger IT strategy hews to a plan that it had already put in place for supporting a mix of trading methods. In an interview last December, Roger Burkhardt, the NYSE’s CTO, said the exchange planned to adopt a hybrid model that would allow electronic and traditional floor trading to take place side by side.

Echoing Rubinow’s comments, an NYSE spokeswoman said last week that officials there and at Archipelago “are committed to going forward with the hybrid model, and the markets will remain distinct.”

However, she added that the two exchanges “will be exploring ways to work together.”

If the exchanges are kept separate, “a lot of the IT challenges would be minimized,” said Bill Cline, a financial industry consultant at Accenture Ltd. But both Cline and Jodi Burns, an analyst at Celent Communications LLC in Boston, said it’s likely that traders will ultimately determine the fate of the NYSE’s open-outcry auction system.

Burns added that she can’t see why the combined company would keep the NYSE’s two-century-old approach alive for long, because electronic trades can be processed much more quickly than those done on a trading floor.

Currently, the NYSE electronically matches only about 10% of its trades, according to Larry Tabb, an analyst at The Tabb Group in Westboro, Mass. The NYSE also hasn’t been aggressive about adopting technology to automate the trade-matching process, Tabb and other analysts said. For example, trade orders are still manually keypunched into the exchange’s clearing and settlement system.

Tabb said the planned merger would provide the NYSE with access to “very good front-end technology” for tasks such as managing the flow of trade orders and accepting different types of orders. But, he noted, “developing the capability for floor brokers and specialists to interact with an electronic flow will take time — time to develop and time to adapt.” © 53932


Microsoft Aims to Boost Deployment, Availability

Longhorn OS will also support role-based servers, Allchin says

BY CAROL SLIWA AND ROBERT L. MITCHELL

BOSTON

Microsoft Corp. plans to hand out a preview copy of its next major Windows release, code-named Longhorn, at the Windows Hardware Engineering Conference this week in Seattle. In addition, it’s expected to release 64-bit editions of Windows XP and Windows Server 2003. Jim Allchin, group vice president of platforms at Microsoft, spoke with Computerworld earlier this month about Longhorn and the potential benefits of 64-bit computing. Excerpts follow:

What new features in Longhorn are tailored for IT shops? In business, we want to be able to manage the [system] images that people are creating for deployment. Today, it’s very complicated for them. They have to build images for different locales around the world because of different languages. They have to build images that are different depending on the type of hardware that they’re deploying [Windows] to. All those add cost. We’re trying to do a re-engineer of that to make that much simpler.

Another example: We’re going to drop the number of reboots. We’ll do ad hoc patching. There’s a whole set of things we’re doing to try to keep the system to where availability is higher.

Do you have a goal for continuous uptime? We do, but I’m not going to quote it.

How will role-based computing work in the server version of Longhorn? Our focus is to take the “experience thinking” [about what users do with systems] and tie it to roles that the server is in: “This is a Web server.” “This is a messaging system.” “This is an [Active Directory] certificate system.” You check that role, and everything you need for that role is there. You don’t have to think. It’s like a Swiss Army Knife, only instead of having the rest of the blades there, which might get in your way, you basically say, “I want this blade,” and the rest of the blades fall away.

So it means stripping away everything that’s superfluous and getting back to some sort of Windows core plus a set of dedicated features? Once you decide that that’s what this server is, then that’s what runs in that box. We did it a little bit in [Windows] 2000, more in [Windows Server] 2003, and we’re just taking it to the next step here.

Which features coming in Longhorn do you think will help most as you compete against Linux? We’re working on partitioning. That [provides] the ability to add processors and add memory while the system is running. There’s a whole set of availability [features] — the ability for fewer reboots. Componentization, I think, will be appreciated as well — and the role-based approach.

What new capabilities will users gain with 64-bit computing? The 64-bit world is very significant for a number of reasons, most of which people don’t understand, in my view.

First, x64 supports 128 gigabytes of RAM and 16 terabytes of virtual address [space]. What this means is you could actually apply a significant amount of memory to one of these machines, and you could keep everything that you’re dealing with in memory. You can search and tie pieces of information together in such a simple way because you can just use brute-force approaches.

Another advantage that I see deals with security, in that 64-bit has “no execute” on by default. That means you have an additional level of security — not perfection, but an additional level of security for marking data segments as not being able to run code. So it means certain attacks to the [operating system] stack aren’t possible. We tried to do this a little bit with [Windows XP] SP2 for the 32-bit world, but it doesn’t work anywhere near as easily as in the 64-bit world.

Will 32-bit applications experience a boost in performance running on 64-bit Windows? We’ve done a bunch of tests. What you will see typically is a little bit of performance gain.

Perhaps 5% to 10%? Yeah. It’s small. It dramatically depends on how much [the applications] call the OS. The more they call the OS, the more gain they’ll get.

Will there be separate 32- and 64-bit versions of Longhorn? We’ll have both. © 53821

READ MORE

Go to our Web site for an expanded version of this interview with Jim Allchin: QuickLink 53852

Microsoft provides an early look at Longhorn’s new file navigation and search capabilities: QuickLink 53842

www.computerworld.com
DON TENNANT

‘Trivial’ Pursuit

HERE’S A PIECE OF IT TRIVIA for you. One day back in the mid-’90s, I asked Bill Gates this question: “If you could have one other software vendor’s technology dropped in your lap free of charge tomorrow, with no worries about Justice Department investigations, what would you pick?” What do you suppose he said?

Well, Gates being Gates, he dismissed any technology-related attraction to anyone else’s software. He picked IBM’s MVS for the bucks. “They have an installed base of 25,000 that’s growing zero units a year, and they make $6 billion a year,” Gates said. “So the most profitable software franchise ever is what IBM has done there.” Hey, he’s nothing if not a businessman.

My comeback was that I would have guessed he’d choose some sort of Internet-related software. Remember, this was back when Microsoft was seen as being very late to the Internet game, and that pesky Netscape upstart was giving it fits.

“I wouldn’t say that,” Gates responded with characteristic, if feigned, nonchalance. “Because an Internet browser is a trivial piece of software.”

I didn’t realize it at the time, but that “trivial piece of software” line would become the most frequently quoted comment from any interview I’ve ever done. I’ve seen it cited, even years later, in books, newspapers, research papers and essays.

I did know then that it was a controversial statement. So being the troublemaker I am, when I hooked up with Netscape co-founder and then-chairman Jim Clark a couple of months after that chat with Gates, the first thing I did was tell him what Gates had said about browsers.

Clark’s response was priceless. “MS-DOS is a trivial piece of software,” he fumed. “Why was he successful? Because he wrote some beautiful piece of software? That’s totally ridiculous. He didn’t even write the damn thing. He licensed it. At least we’ve got the guys who originally wrote ours.” Calm down, Jim.

Fast-forward 10 years to the present, when we can all agree that browsers are anything but trivial. Looking back, it’s clear that Gates’ statement was even goofier than it was controversial. If the browser was so trivial, why would Gates subsequently claim through years of antitrust litigation that it was technically too complicated to unbundle it from the operating system? And if it was so easy to make one that works well, why have Microsoft and the millions of us who use Internet Explorer suffered so much pain from the security flaws that have riddled IE?

No, it’s hardly easy. That’s why, ironically enough, Microsoft has such a chokehold with IE. Netscape found it too difficult to make its browser sufficiently compelling to prevent its marginalization to near oblivion. According to the Web monitoring outfit Net Applications, as of February Netscape held a pathetic 1.89% share of the browser market.

And now there’s Firefox, the open-source offering from the Mozilla Foundation that in a few short months has grabbed an impressive 6.17% share of the market, according to Net Applications. The surge has pushed IE’s share down under 90%. Just one glitch. Well, make that a lot of glitches: On April 15 Mozilla announced a third round of fixes for Firefox security flaws, this time patching eight critical holes [QuickLink 53859]. Not a trivial number. At this rate, Gates’ nonchalance won’t need to be feigned. © 53913

Don Tennant is editor in chief of Computerworld.
VIRGINIA ROBBINS

The IT Funding Dilemma

“NOT ENOUGH resources,” moaned one of my direct reports. I was a bit surprised by his answer when I asked what his most pressing issue was.

I had expected him to name one of the many large projects that he was managing. But no, none was at risk; the thing for him was that the list of potential projects seemed infinite. I understood. Our triple-digit growth meant that our bright, aggressive marketers, cost-driven operations managers and ever-diligent compliance officers were all thinking up new ideas daily.

The primary cause of the never-ending lists problem used to be a poor IT governance process. But we launched a new program a year ago, and since then, my employee’s team has contributed many improvements. Today, the business owners speak highly of the transparency of the process and believe that projects are getting selected and worked on in the right order. Still, they all would like to have more projects done.

So would I. But to do so would require more funding.

What if we did have more people who were completely trained and as good as or better than the current staff? Would that be enough? Probably not. IT funding is like your salary. No matter what level it’s at, it’s always going to take another 20% to make you completely satisfied, and I know of no truly satisfied successful CIO.

I’ve experienced what can happen when an IT department’s funding keeps expanding. A company I worked at, believing that its products were truly different, required that its software be customized. The costs to support the heavily customized code grew each year until IT became one of the largest departments. Eventually, the company was unable to keep pace with its compliance requirements. Once profits began to decline and operations were questioned by regulatory agencies, the board brought in a new CEO, who fixed the problems by outsourcing 85% of IT.

The challenge is finding the sweet spot where IT is spending enough to fund the most meaningful projects but not so much as to create problems for the company. I depend upon average industry ratios of IT expenses to total company expenses. If we’re roughly in line with others within our industry, then all things being equal, our profits should be roughly the same as those of our competitors. Usually measured as a percentage of total expenses, the range of these ratios is typically from 3% to 20%.

These are guidelines, however. How dollars are to be allocated to IT is best determined by considering business alignment and IT governance. I’ve worked in two industries with very high ratios. The percentages I have had to work with have ranged from 12% to 35%. The final amount for my IT department has been a compromise that considers the company’s financial goals, marketing and sales goals, regulatory needs and short-term limitations within IT.

Once again, it comes back to good governance. As for my employee, I need to remember to tell him that while it may seem frustrating at times, the work that he’s doing within our agreed IT governance is enabling him to be a strategic gatekeeper for the company. He’s done a terrific job in improving his team’s efficiency in that our expenses dropped 1% last year.

The list of projects may seem long, but right now he’s doing an incredibly important job in ensuring that the company’s capital is spent on the right IT projects at the right time. © 53841

DAVID MOSCHELLA

HP Has to Relearn How To Be HP

IN THE EARLY 1980s, when the PC emerged and computer hardware began its long transition toward commodity status, there were three great U.S. computer technology companies: IBM, Digital and Hewlett-Packard. While we all know now that the power of microprocessor-based systems changed computing forever, to appreciate the challenges that HP currently faces, it’s worth revisiting how each of those companies responded to the changes that roiled the industry.

Over the past 20 years, IBM has essentially moved up the technology stack, exiting numerous hardware businesses, including printers, commodity semiconductors and, most recently, laptop PCs. It has used its immense mainframe base to develop a powerful services and software position. It’s no longer the technology force it once was, but it has a clear strategic focus, supporting large and midsize companies.

In contrast, Digital had neither the services position of IBM nor the ability to compete in the cost-driven PC business, and thus it never really had anywhere safe to go. When it both underestimated and misplayed the growing Unix server business, its fate was sealed. Who would have thought that it would soon be acquired by a PC company (Compaq) and then vanish into HP, a rival it dwarfed in the once-proud minicomputer industry?

In comparison, HP has been a bastion of stability. There have been no great strategic shifts, because HP never really was an integrated computer systems company as IBM and Digital were. It was always more of a collection of Silicon Valley-style enterprises — calculators, printers, minicomputers, test and measurement equipment, etc. In this sense, it was in a much better position to exploit the opportunities of the PC era. HP had a corporate culture that could get excited about peripheral markets, such as laser printers, in a way that IBM or Digital never could.

Thus, while IBM has succeeded in services, and Digital could have succeeded in the midrange (as Sun Microsystems eventually did), HP has always been primarily a device company. It once seriously considered buying the consulting business of PricewaterhouseCoopers (subsequently bought by IBM), which would have required a radical and almost unimaginable shift in culture. However, acquiring Compaq, while certainly risky and perhaps unwise, was well within the company’s traditional strategic orbit.

The Compaq acquisition was a defining moment because it meant that there could be no turning back and that HP would have to be successful in PCs and low-end servers or face a calamitous future. While HP can still consider moves such as buying Sun or Novell to expand its enterprise position, it can’t just move up the stack the way IBM did, and it can’t afford to misplay its core business the way Digital did.

So if I were HP’s new CEO, Mark Hurd, I would be asking questions such as these: Is Dell, with its clunky, unimaginative boxes and declining service levels, really so good that we can’t compete? Why is so much design and product innovation happening down the road at Apple Computer and so little at HP? How come, after all these years, not a single major PC vendor has really tried to advance the Linux PC concept? Why aren’t we much stronger in the image editing and management business?

Only by reinvigorating its core product technology focus can the company rediscover its dynamism and avoid the painful breakup it’s currently headed toward. © 53829
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Gun  Comments  Sidetrack  Readers 


I’VE  HAD  SIMILAR  problems 
with  Lone  Ranger  types  as  C.J. 
Kelly  described  in  her  Security  Man¬ 
ager’s  Journal  ["Hi-Yo,  Silver!  Away 
With  Lone  Rangers,”  QuickLink 
52693],  The  best  thing  to  do  with 
employees  who  pull  those  kinds  of 
tricks  is  to  pink-slip  them.  With 
any  luck,  your  competitors  will 
hire  them. 

I  was  saddened  to  see  that  Kelly 
used  the  article  to  express  antigun 
sentiments.  As  a  permit-carrying, 
law-abiding  techie,  I  encourage  her 
to  cut  legitimate  gun  owners  some 
slack.  That  employee  would  still  be  a 
jerk,  armed  or  otherwise. 

John  Burgoon 

Informaticist, 

Bloomington,  Ind. 

KELLY’S  IMPLICATION  that 
some  law-abiding  owners  of 
firearms  were  violence-prone  was 
so  off-base  I  am  aghast.  In  the  rural 
areas  that  I  was  brought  up  in,  hunt¬ 
ing  and  plinking  are  integral  parts  of 
life.  Every  other  pickup  truck  has  a 


rifle  or  shotgun,  as  sure  as  they 
have  a  toolbox.  Most  of  my  relatives 
and  a  good  portion  of  my  friends 
own  and  occasionally  carry  guns, 
and  none  has  ever  shot  another  hu¬ 
man  being  except  in  the  service  of 
their  country.  Yes,  there  are  plenty 
of  bad  characters  out  there  whose 
only  use  of  a  firearm  is  for  violence 
against  other  people.  Legitimate 
owners  of  guns  despise  them. 

The  number  of  crimes  committed 
by  those  licensed  to  carry  con¬ 
cealed  weapons  is  a  fraction  of  the 
total.  If  you  are  looking  for  a  law- 
abiding  citizen,  look  at  the  person 
with  the  concealed  permit  who  has 
had  extensive  training  and  back¬ 
ground  checks  to  obtain  that  status. 
But  please,  don’t  spread  misinfor¬ 
mation  that  is  insulting  to  so  many 
honest  folks. 

Daniel  Bell 

Manager  of  product  develop¬ 
ment,  Elizabethtown,  Ky., 
huntingky@yahoo.com 

C.J. KELLY RESPONDS: Guns weren’t the issue. Lots of people in my family have them. The issue, which I unfortunately didn’t make clear enough, was that the gun owners in this situation seemed to boast about possessing guns in relation to my requiring them to do their work differently. I felt threatened.


Funding  E-health 

FRANK HAYES’ column “E-health, Stat!” [QuickLink 52932] correctly points out that many medical providers still use paper charts. He suggests that the solution is to have Medicare force them to convert to an all-electronic format (the electronic health record, or EHR), implying that most providers don’t want to convert to or use a standard format. Setting aside the problem of the nonexistence of a standard EHR, the difficulty is that the goals of the players aren’t aligned. No one disagrees on the benefits of an EHR, just on who should pay for the process of conversion. Medicare, Medicaid and insurance companies lack the long-term perspective necessary to fund the conversion. Employers and employer groups have a more appropriate perspective, but they don’t pay more to hospitals with EHRs. Most hospital systems don’t have the funds to support a massive conversion, although some areas are being converted on an opportunistic basis. It’s easy for Hayes to suggest a mandate, but I’d like to know who will fund it.

David  B.  FitzGerald,  M.D.,  MBA 

Gainesville,  Fla. 

COMPUTERWORLD welcomes comments from its readers. Letters will be edited for brevity and clarity. They should be addressed to Jamie Eckle, letters editor, Computerworld, PO Box 9171, 1 Speen Street, Framingham, Mass. 01701. Fax: (508) 879-4843. E-mail: letters@computerworld.com. Include an address and phone number for immediate verification.

For more letters on these and other topics, go to www.computerworld.com/letters
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Ghosts  in  the  Machine 

Virtual  machines  are  being 
used  by  an  increasing 
number  of  companies 
because  they  give  users 
new  capabilities  to  manage 
computing  resources. 

Page  28 


FUTURE  WATCH 

Staying  Out  in  Front 

At  HP  Labs,  the  work  of 
researchers  such  as  Beth  Keer 
(left)  runs  the  gamut  from  data 
center  management  tools  to 
an  architecture  for  the  world’s 
tiniest  computer.  Page  32 


SECURITY  MANAGER’S  JOURNAL 

Firewall  Request 
Gets  Third  Degree 

Mathias  Thurman  must  conduct 
due  diligence  before  opening 
a  firewall  to  let  a  partner 
company  transfer  data. 

Page  34 


Ready for TROUBLE?


Faced  with  potential  catastrophe  caused  by  anything  from 
the  weather  to  a  malicious  attack,  companies  need  to  make 
sure  their  disaster  recovery  plans  match  best  practices. 


IT  WAS  THE  MONDAY  MORNING  after  the 
July  4th  weekend.  The  power  went  out  in 
the  highest  building  in  Philadelphia.  Not  to 
worry,  the  disaster  recovery  (DR)  special¬ 
ists  had  that  one  covered  —  the  building 
had  a  connection  to  a  separate  part  of  the 
grid.  But  then  the  repair  crew  accidentally 
severed  the  backup  connection. 

“Every  disaster  has  a  different  face,  so  no 
one  can  accurately  predict,”  says  Nick  Vout- 
sakis,  chief  technology  officer  at  Glenmede 
Trust  Co.,  a  wealth  management  firm  whose 
headquarters  occupies  four  floors  of  that 
building  in  Philly.  “Your  planning  has  to  be 
flexible  enough  to  cope.” 

Incidents  like  this  one  give  businesses  a 
chance  to  see  their  DR  technology  in  action. 

While  some  companies  pass  with  flying  colors,  the 
plans  of  others  are  exposed  as  incomplete,  unrealis¬ 
tic  and  technologically  flawed.  So,  what  are  the  tried- 
and-true  best  practices,  what  technologies  should  be 
deployed,  and  how  should  IT  cooperate  with  the  or¬ 
ganization  as  a  whole  in  order  to  take  all  necessary 
precautions? 


“Those  companies  with  untested  or  poorly  tested 
plans  will  eventually  discover  that  they  aren’t  as  pro¬ 
tected  as  they  thought  they  were,”  says  Mike  Karp,  an 
analyst  at  Enterprise  Management  Associates  Inc.  in 
Boulder,  Colo. 

Planning  for  the  Unplanned 

Some  DR  plans  are  too  simplistic,  don’t 
mesh  with  the  real  world  and  have  little 
value  in  an  emergency.  Others  are  complex 
tomes  that  nobody  reads.  According  to 
Voutsakis,  the  trick  is  finding  a  balance. 

But  even  companies  with  well-compiled 
plans  can  look  foolish  if  nobody  can  find 
the  plan  when  they  need  it.  It’s  no  good  if 
it’s  lost  in  a  binder  or  in  a  PC  that’s  down 
because  of  the  disaster.  So  keep  copies  of 
the  plan  in  multiple  locations. 

“We  include  copies  of  our  plan  in  the  emergency 
packs  we  provide  to  employees  containing  food,  med¬ 
ical  supplies,  flashlights  and  so  on,”  says  Voutsakis. 

Glenmede  is  primarily  a  Windows  2000/XP  shop 
that  uses  Cisco  Systems  Inc.  switches  and  Dell  Inc. 
servers  and  desktops.  Its  DR  plan  has  several  layers, 
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For  more-expensive  gear,  consider  shar¬ 
ing  an  off-site  machine  with  other  compa¬ 
nies.  The  Members  Group  does  this  with  an 
IBM  iSeries  server;  each  company  pays  its  own 
network  services  provider  to  host  it. 

Use  partners  and  leverage  their  expertise 
to  make  your  disaster  recovery  plans 
work.  Hold  them  accountable  for  their  tech¬ 
nology  functioning  as  promised. 

Consider  setting  up  an  arrangement 
where  your  company  and  one  or  two  oth¬ 
ers  operate  as  replication  facilities  for  one 
another,  says  Mike  Karp,  an  analyst  at  Enter¬ 
prise  Management  Associates. 

Don’t  depend  on  one  operating  system. 

“Use  a  variety  of  OSs,”  says  Michael  Smith, 
general  manager  of  operations  at  Forbes.com. 
“We  use  Linux,  Sun,  Microsoft  and  others.” 

Allow  enough  time  to  unearth  project  com¬ 
plexities.  That  can  even  mean  drilling  down  into 
each  application  to  uncover  interdependencies 
and  idiosyncrasies.  “Proprietary  applications 
are  sometimes  coded  to  a  specific  IP  address 
or  machine  name,  so  that  when  you  move  them 
to  a  replicated  facility,  they  don't  work,”  says 
Jeff  Russell,  CIO  at  The  Members  Group. 

“As well as planning the technical details, you have to plan the financial aspect in the same depth, since DR will be expensive,” says Michael Gruth of Deutsche Borse.

“You have to tie excellent change management into the recovery plan,” says Michael Croy, director of business continuity at Forsythe Technology Inc. in Skokie, Ill. Things change at a whirlwind rate in any enterprise. Employees come and go, servers and applications change with the seasons, and people have a tendency to not stay where you want them to. “The infrastructure in today’s business is in a constant state of flux,” says Croy.

Not all applications are created equal. Determine which applications and which data are most critical and then replicate them constantly. Some applications can be down four hours, and others perhaps longer. “We replicate some applications minute to minute and others nightly,” said Nick Voutsakis, CTO at Glenmede Trust.

“Perform  a  business  process  analysis 
to  truly  understand  how  the  business 
operates,  fully  understand  the  dependen¬ 
cies  among  systems  and  set  priorities  ac¬ 
cordingly,”  says  Chip  Nickolett  of  Compre¬ 
hensive  Consulting  Solutions. 


depending  on  the  situation.  If  people  can’t  get  to  work 
because  of  excessive  snow,  the  servers  keep  running 
at  headquarters  and  the  staff  works  securely  from 
home.  If  the  building’s  power  goes  out,  the  critical  sys¬ 
tems  can  be  brought  up  within  four  hours  at  a  “hot 
site”  across  town  owned  by  business  continuity  ser¬ 
vices  and  outsourcing  provider  SunGard  Availability 
Services  Inc.,  a  unit  of  SunGard  Data  Systems  Inc.  If 
an  event  keeps  employees  out  of  the  building  for  a 
week,  desktops  for  key  personnel  are  standing  by 
at  SunGard. 

During the Independence Day weekend outage, Glenmede’s management declared an emergency at 7:30 a.m. Since all data is replicated to the hot site, the company had all systems running by 11:30 a.m.

But  it  takes  a  well-oiled  machine  to  pull  that  off 
smoothly.  And  that  means  teamwork. 

“Form  a  business  continuity  program  with  a  dedi¬ 
cated  team  of  two  to  five  people,  with  a  senior  man¬ 
agement  sponsor,”  advises  Roberta  Witty,  an  analyst 
at  Gartner  Inc.  in  Stamford,  Conn. 

Glenmede’s  primary  DR  committee  consists  of  the 
CTO,  the  heads  of  office  services  and  risk  manage¬ 
ment,  and  an  IT  audit  member.  The  committee  ap¬ 
pointed  an  extended  business  continuity  group  con¬ 
sisting  of  representatives  of  20  business  units.  These 
people  are  trained  in  business  continuity,  write  the 
plans  and  collaborate  with  their  business  units.  The 
minutes  of  both  committees’  sessions  are  sent  to 
Glenmede’s  board  of  directors. 

Each  business  unit  has  to  evaluate  its  processes 
and  needs.  At  The  Members  Group  Inc.,  a  West  Des 
Moines,  Iowa-based  company  that  provides  card¬ 
processing  and  mortgage  services  to  credit  unions, 
the  necessary  recovery  period  varied  widely  by  de¬ 
partment  and  time  of  the  month.  Payroll,  for  in¬ 
stance,  might  be  happy  with  a  13-day  recovery  win¬ 
dow  at  the  start  of  the  payroll  period  and  a  30-minute 
recovery  on  payday. 

“You  have  to  work  with  the  business  units  to  fully 
understand  the  drivers  of  each  application,”  says  Jeff 
Russell,  CIO  at  The  Members  Group.  It’s  impossible 
for  a  lone  IT  staffer  to  appreciate  the  particular 
needs  of  each  department.  The  Members  Group 
uses  StoneFly  Replicator,  an  IP  storage-area  network- 
based  asynchronous  disaster  recovery  product  from 
San  Diego-based  StoneFly  Networks  Inc.  to  maintain 
a  mirror  image  of  critical  data  at  a  remote  location. 

State-of-the-Art  Technology 

While  opinions  vary  as  to  what  constitutes  state-of- 
the-art  technology,  experts  such  as  Karp  of  Enterprise 
Management  Associates  and  Chip  Nickolett,  a  disas¬ 
ter  recovery  specialist  at  Comprehensive  Consulting 
Solutions  Inc.  in  Brookfield,  Wis.,  agree  that  cluster¬ 
ing,  SAN  mirroring  and  replication  are  on  the  leading 
edge.  However,  they  warn  that  these  can  be  expensive 
technologies. 

Among operating systems, OpenVMS and Unix seem to be favored more than others. Alpha/OpenVMS, for example, has built-in clustering technology that many companies use to mirror data between sites. Many financial institutions, including Commerzbank, the International Securities Exchange and Deutsche Borse AG, rely on VMS-based mirroring to protect their heavy-duty transaction-processing systems.

Deutsche  Borse,  a  German  exchange  for  stocks  and 


RECOVERY VS. CONTINUITY


What’s  the  difference  between  disaster  recovery  and 
business  continuity?  According  to  John  Glenn,  a  BC  con¬ 
sultant  in  Clearwater,  Fla.,  DR  deals  solely  with  IT  and  what 
it  perceives  as  the  business  units’  requirements.  BC,  on  the 
other  hand,  focuses  on  the  business  units.  IT  is  just  one  of 
the  functions  that  serve  those  units,  and  it’s  one  facet  of 
business  continuity,  along  with  human  resources,  accounting 
and  emergency  preparedness. 

“Most  IT  folks  think  BC  is  just  a  new  name  for  DR,”  says 
Glenn.  “Instead  of  running  the  program  from  IT,  it  is  far  more 
effective  to  put  BC  -  of  which  DR  is  a  subset  -  under  the 
CFO,  CEO  or  COO.” 

In  the  event  of  a  disaster,  BC  ensures  that  the  company 
can  continue  to  provide  critical  services  while  the  enterprise 
is  being  restored  to  full  functionality.  BC  focuses  on  avoiding 
or  mitigating  risks.  DR  restores  the  organization  afterward. 

“DR  must  be  based  on  a  solid  BC  plan  that  has  taken  into 
account  the  reality  of  the  business  requirements  for  recovery,” 
says  Michael  Croy,  director  of  business  continuity  at  IT  infra¬ 
structure  consultancy  Forsythe  Technology  Inc. 

And  IT  organizations  are  beginning  to  get  the  point. 

“We  have  gotten  away  from  the  term  DR,  since  it  assumes 
the  facility  is  not  available,”  said  Jeff  Russell,  CIO  at  The  Mem¬ 
bers  Group.  “BC,  on  the  other  hand,  deals  with  how  we  contin¬ 
ue  despite  business  interruption." 

-  Drew  Robb 

derivatives,  has  deployed  an  OpenVMS  cluster  over 
two  sites  situated  5  kilometers  apart.  It  also  uses  Fi¬ 
bre  Channel  switches  from  San  Jose-based  Brocade 
Communications  Systems  Inc.  and  Cisco  switches 
and  routers  in  its  network  to  ensure  high  availability. 

“DR  is  not  about  cold  or  warm  backups,  it’s  about 
having  your  data  active  and  online  no  matter  what,” 
says  Michael  Gruth,  head  of  systems  and  network 
support  at  Deutsche  Borse.  “That  requires  cluster 
technology  which  is  online  at  both  sites.” 

For  its  part,  Windows  has  as  many  detractors  as 
advocates.  “While  we’ve  never  failed  to  recover  a 
Unix  system,  it’s  a  different  story  with  Windows,” 
says  Nickolett.  “Common  problems  include  failed 
restores,  software  conflicts  and  issues  with  patches 
or  service  packs.” 

Forbes.com  Inc.  in  New  York  also  favors  platforms 
besides  Windows.  Each  business  day,  it  publishes 
more  than  1,500  articles  online,  making  heavy  use  of 
an  advertising  workflow  system  running  on  an  Intel/ 
Linux  platform  and  a  content  management  system 
hosted  on  high-end  Fujitsu  Ltd.  servers  that  run  Sun 
Solaris.  Both  are  protected  using  the  Continuous 
Protection  System,  an  appliance  from  Revivio  Inc.  in 
Lexington,  Mass.  A  Gigabit  Ethernet  line  connects  to 
a  data  center  at  an  unspecified  location  using  host- 
based  mirroring  technology.  “We’re  able  to  switch  to 
the  appliance  in  the  event  that  the  primary  system 
has  a  problem,”  says  Michael  Smith,  general  manager 
of  operations  at  Forbes.com. 

But  not  everyone  agrees  that  Windows  should  be 
avoided.  In  fact,  the  Cancer  Therapy  &  Research 
Center  (CTRC)  in  San  Antonio  stakes  its  patients’ 
lives  on  a  combination  of  Microsoft  Corp.,  EMC  Corp. 
and  Cisco  tools  for  host-based  mirroring.  At  the 
medical  center,  21  servers  —  primarily  Windows 


www.computerworld.com 


TECHNOLOGY 


COMPUTERWORLD  April  25, 2005  27 


A  CRISIS  MANAGEMENT  PLANNING  GRID 
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2000/2003,  plus  a  few  Linux  boxes  —  store  data  on 
an  EMC  Clariion  FC4700  array.  Two  Cisco  SN  5428 
iSCSI  routers  and  a  Cisco  MDS  9506  switch  mirror 
data  and  large  imaging  files  over  a  Gigabit  Ethernet 
network  to  another  Clariion  array  at  the  research 
center  22  miles  away.  According  to  Mike  Luter,  CTO 
at  CTRC,  it  takes  10  minutes  to  recover  a  downed 
server  and  restore  service. 

“Business  continuity  is  far  more  important  to  us 
than  disaster  recovery,”  says  Luter.  “We  want  our  appli¬ 
cations  always  available  to  our  patients.  If  we  lost  the 
building,  it  would  take  a  lot  more  than  a  few  comput¬ 
er  systems  to  be  able  to  treat  our  patients  elsewhere.” 

Testing  Times 

The  finest  technology  and  the  most  skillful  planning 
are  about  as  far  as  many  companies  go  in  DR,  and 
that’s  nowhere  near  far  enough.  It  takes  testing  ga¬ 
lore  to  prepare  for  the  real  thing.  “Failing  to  follow 
through  with  exercises  to  locate  and  correct  plan 
deficiencies  is  a  common  error,”  says  John  Glenn,  a 
business  continuity  consultant  in  Clearwater,  Fla. 

That  doesn’t  mean  an  IT  administrator  “dummy¬ 
running”  the  plan  over  the  weekend  on  his  own,  Glenn 
says.  You  should  bring  all  systems  down  on  a  Sunday 
to  see  if  the  remote  site  operates  as  planned.  And 


bring  in  a  few  dozen  employees  and  run  a  live  test  to 
see  how  the  business  units  are  affected.  Can  finance 
continue  accounting,  sales  keep  selling  and  produc¬ 
tion  continue  to  turn  out  products?  In  addition,  sur¬ 
prise  everyone  with  a  few  random  exercises  during 
the  workweek,  suggests  Smith  of  Forbes.com. 

“We  test  our  entire  plan  seven  times  a  year,”  says 
Glenmede’s  Voutsakis.  “We  evaluate  our  perfor¬ 
mance  for  different  levels  of  disaster  and  various 
kinds  of  events,  including  sending  staff  home  to  see 
how  well  they  can  perform  there.”  He  says  that  the 


problems  that  can  cripple  you  during  an  actual  disas¬ 
ter  show  up  only  during  real-world  exercises. 

That  was  the  case  at  The  Members  Group.  It 
thought  it  had  plenty  of  bandwidth  to  replicate  off¬ 
site.  But  its  T1  lines  proved  inadequate.  For  example, 
its  SQL  database  couldn’t  be  adequately  replicated 
because  of  bandwidth  constraints,  so  it  hasn’t  been 
transferred  to  the  IP  SAN.  Similarly,  more  than  half 
of  the  company’s  servers  remain  unmirrored.  “We’re 
moving  our  primary  facility  in  May  and  will  add 
more  bandwidth  at  that  time,”  says  Russell.  O  53856 
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BY  ROBERT  L.  MITCHELL 

WHAT STARTED SIMPLY as a way to consolidate older, out-of-warranty servers has quickly turned into a new infrastructure building block in Qualcomm Inc.’s data center. Virtual machines (VM) have risen to become a corporate standard for deploying and managing x86-based servers at the semiconductor maker. “We saved in the seven-figure range by not buying servers. Going forward, we’re continuing to consolidate, and we’re pushing everything we can into the virtual space,” says Norm Fjeldheim, senior vice president and CIO at the San Diego-based company.

Server  virtualization  software  allows  applica¬ 
tions  to  sit  side  by  side  on  the  same  physical  serv¬ 
er,  yet  remain  completely  isolated,  both  from  one 
another  and  from  the  underlying  hardware.  Ap¬ 
plications  within  a  VM  see  a  dedicated  operating 
system  and  server.  Under  the  hood,  however,  a 
VM  monitor  allocates  a  share  of  the  physical 
server’s  processor,  memory  and  I/O  resources 
to  each  VM. 

Virtualization  breaks  the  link  between  the 
hardware  and  the  common  requirement  that  ap¬ 
plications  run  on  dedicated  servers.  Adding  a  vir¬ 
tualization  layer  adds  processing  overhead  that 
can  range  from  an  increase  of  a  few  percentage 
points  into  the  double  digits.  However,  most 
servers  are  significantly  underutilized,  so  consol¬ 
idation  benefits  are  often  dramatic. 

At Qualcomm, which uses VMware Inc.’s ESX Server virtualization software, the ratio of VMs to physical servers has been as high as 18-to-1. Some 384 servers now run in VMs that reside on just 35 dual- and quad-processor machines. In all, 40% of the x86-based server applications at Qualcomm
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run  on  VMs,  and  that  will  increase  to  50%  in  the 
next  six  months,  says  Paul  Poppleton,  senior  staff 
engineer  at  the  company. 

As  application  servers  continue  to  scale  out,  the 
proliferation  of  x86-based  servers  has  outstripped 
the  ability  of  administrators  to  manage  them,  says 
Nigel  Dessau,  vice  president  of  virtualization  solu¬ 
tions  at  IBM.  Businesses  today  have  seven  times 
more  servers  than  they  did  just  10  years  ago,  but  the 
cost  of  managing  them  is  nine  times  higher,  he  says. 
“Virtualization  can  start  tackling  that  problem,” 
Dessau  adds. 

Once  dismissed  as  a  neat  hack  that  in-house  devel¬ 
opers  used  to  quickly  test  software  within  multiple 
virtual  environments,  virtualization  technology  has 
taken  hold  for  tasks  ranging  from  consolidation  to 
business  continuity  and  even  virtualized  symmetri¬ 
cal  multiprocessing  (SMP)  systems. 

Early  concerns  about  application  support  are  fad¬ 
ing.  A  few  years  ago,  software  vendors  balked  at  sup¬ 
porting  applications  running  within  VMs.  Bowing  to 
user  demand,  today  larger  software  vendors  such  as 
Oracle  Corp.  and  Computer  Associates  International 
Inc.  support  products  running  within  VMs,  and  ven¬ 
dors  of  smaller,  niche-market  programs  are  increas¬ 
ingly  following.  “We’re  pushing  for  all  of  our  suppli- 


Server Virtualization

THE GOOD

CONSOLIDATION: Users report consolidation efficiencies ranging from a few VMs per processor to as many as 18. Qualcomm consolidated 384 server applications onto 35 physical servers.

SERVER DEPLOYMENT: Application servers deployed as VMs can be set up quickly. “It used to take eight hours to put a new application on the data center floor. With virtual servers, it takes anywhere from 15 to 20 minutes,” says Bob Armstrong of Delaware North.

BUSINESS CONTINUITY: VMs are hardware-independent. Disk images of a VM can be quickly copied to another server in the event of a hardware failure or for routine maintenance - without disrupting running processes.

SOFTWARE SUPPORT: An increasing number of software vendors now support their products when running on VMs.

SINGLE POINT OF FAILURE: A hardware failure on a single physical server can take down multiple virtual servers. Delaware North raised its hardware-support contract from a four-hour response to a one-hour response.

LICENSING: Software vendors may charge per CPU - and per VM. In some systems, users must license an operating system for the host and for each VM.

SCALING UP: Current products don’t work as well for processor-intensive applications or those requiring heavy I/O.

OVERHEAD: Virtualization adds a software layer that can soak up processing cycles. Users and vendors say overhead can range from 2% or 3% to as high as 20%, depending on the product and application.

- Robert L. Mitchell




UNDER  THE  HOOD: 

The  Soul  of  a  Virtual  Machine 


ALTHOUGH  VIRTUALIZATION  TOOLS  have  similar 
objectives  and  use  a  virtualization  software  layer,  called 
a  resource  manager  or  hypervisor,  to  manage  virtual 
machines,  the  basic  architectures  vary. 

In  software-based  VMs,  the  resource  manager  sits  on 
top  of  a  host  operating  system  and  juggles  the  requests 
of  multiple  guest  operating  systems  loaded  on  top  of 
it  (see  diagram).  Microsoft  Virtual  Server  2005  and 
VMware  GSX  Server  follow  this  model. 

Other products, such as Xen and VMware’s ESX Server, run in a hypervisor that sits beneath the guest operating systems, directly on the hardware. Because the software layer sits on the “bare metal,” these are sometimes referred to as hardware VMs. Direct contact with the system hardware allows the VMs to work more efficiently.

Other products, such as Solaris Containers in Sun Microsystems Inc.’s Solaris 10 and SWsoft Inc.’s Virtuozzo, also use a software-based model but eliminate guest operating systems in favor of “virtualized operating systems,” or application containers. Each application appears to have the operating system to itself, but in fact, core elements, such as the kernel and system libraries, are shared. This approach is more efficient than running a full-blown guest operating system in each VM and saves on software costs because one operating system license can be used for all VMs on a physical server. But there’s a catch: Virtual operating systems can support only applications that will run on the host operating system.

IDC  analyst  Dan  Kusnetzky  says  each  approach  fits 
a  different  need.  “Those  who  need  power  will  want  ap¬ 
proaches  that  are  very  lightweight.  Others  are  more  con¬ 
cerned  about  optimizing  resources,”  he  says.  “A  single 
approach  will  not  fit  the  need  everywhere.” 

-  Robert  L.  Mitchell 
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Virtualization  software  manages 
interactions  between  the  host 
operating  system  and  guest  OSs 
in each VM. Examples: VMware GSX
Server, Microsoft Virtual Server 2005
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Hardware  VM 

The  virtualization  software  sits  directly 
on  top  of  the  hardware.  May  be  inte¬ 
grated  with  the  guest  OS  or  be  entirely 
separate.  Less  overhead  makes  it 
more  efficient  than  a  software  VM. 
Examples: VMware ESX Server, Xen
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Virtual  OS/ 

Application  Containers 

The  host  operating  system  is  shared 
between  application  containers,  but 
each  application  sees  its  own  virtual 
OS.  All  VMs  must  run  on  the  same  host 
OS. Examples: Solaris Containers,
SWsoft Virtuozzo




ers  to  support  VMware,”  Fjeldheim  says. 

Three  quarters  of  ESX  Server  deployments  are  in 
data  centers,  according  to  VMware,  an  EMC  Corp. 
business  unit.  Framingham,  Mass.-based  market  re¬ 
search  company  IDC  expects  strong  growth  in  VM 
software  between  2004  and  2008,  with  sales  growing 
75%,  to  $261  million,  over  the  four-year  period.  Those 
numbers  don’t  account  for  the  expected  growth  in 
the  adoption  of  Xen,  a  free,  open-source  virtualiza¬ 
tion  program  for  Linux  and  BSD  Unix  servers  that’s 
supported  by  Palo  Alto,  Calif.-based  start-up  Xen- 
Source  Inc. 

Disaster  Avoidance 

Now  that  virtualization  technology  has  proved  itself 
as  a  consolidation  tool  for  the  data  center,  organiza¬ 
tions  are  pursuing  new  uses,  such  as  VM  portability. 
An  entire  VM  can  be  encapsulated  in  a  single  disk- 
image  file  and  quickly  deployed  on  any  hardware 
running  the  same  virtualization  software. 

“All  that’s  necessary  is  to  copy  the  file  to  a  disk  or 
tape  or  send  it  down  the  network,”  says  IDC  analyst 
Dan  Kusnetzky.  “We’ve  seen  people  use  it  as  a  soft¬ 
ware  distribution  mechanism.”  That  portability  as¬ 
pect  makes  VM  technology  attractive  for  business 
continuity  as  well. 

For  example,  travel  consolidator  Fun  Sun  Vaca¬ 
tions  Ltd.  in  Edmonton,  Alberta,  first  used  Xen  VMs 
to  consolidate  its  Linux-based  Web  application 
servers.  Now  it  uses  VMs  as  a  disaster  recovery 
mechanism.  Because  the  virtualization  software  is  ab¬ 
stracted  from  the  hardware,  manager  of  information 
services  Derek  Larke  says  he  can  quickly  move  a  crit¬ 
ical  VM  that  handles  credit  card  transactions  onto 
any  available  server  in  the  collocation  data  center. 

“Usually,  at  the  time  of  disaster,  you  are  working 
with  blank  hardware  with  nothing  on  it.  We  imaged 
a  Xen  [VM]  and  brought  it  to  a  blank  server,  and 
we  had  it  up  and  going  in  about  15  minutes,”  he  says. 
Before,  Larke  notes,  “applications  that  originally 
would  have  taken  too  long  to  implement  in  the  event 
of  a  disaster  would  have  to  be  preconfigured  and 
running  at  the  collocation  site  on  their  own  hard¬ 
ware.”  Now,  a  single  machine  can  serve  as  a  fail-over 
machine  for  multiple  VMs  and  can  be  made  available 
for  other  tasks  until  needed. 

Qualcomm  uses  VMotion,  a  management  utility 
from  VMware  that  can  slide  running  VMs  onto  a 
new  physical  server  with  minimal  disruption.  “We’ve 
been  able  to  move  processors  onto  a  different  physi¬ 
cal  environment  in  scenarios  where  we  would  have 
lost  the  processes  before.  Our  service  levels  are  up,” 
says  senior  staff  engineer  Paul  Poppleton. 

Robert  Armstrong,  director  of  technical  services  at 
hospitality  services  vendor  Delaware  North  Cos.  in 
Buffalo,  N.Y.,  says  the  ability  to  move  VMs  between 
physical  systems  is  also  critical  for  server  mainte¬ 
nance  in  a  virtualized  environment.  Armstrong  used 
VMware  to  host  both  Windows  and  NetWare  VMs, 
reducing  the  data  center  footprint  from  12  racks  to 
three.  “The  maintenance  windows  shrink  dramatical¬ 
ly  when  you  have  eight  or  nine  virtual  machines  on 
one  physical  device,”  he  says. 

Larke  says  VMware’s  management  tools  are  the 
most  advanced.  “Hands  down,  VMware  is  the  best 
out  there,  the  way  it  manages,  the  way  you  can  throw 
around  virtual  machines,”  he  says.  But  Larke  says 
ESX  Server,  with  management  software  and  support
for  14  dual-processor  servers,  would  have  cost 
$173,000  using  products  from  IBM.  Xen  requires 
more  knowledge  to  run  properly,  but  it’s  free.  Given 
the  cost  difference,  the  tools  with  Xen  were  “enough 
for  what  we  need  to  do,”  Larke  says. 

Scaling  Up 

While  the  most  common  use  of  virtualization  tech¬ 
nology  is  to  break  down  the  resources  of  physical 
servers  into  a  series  of  VMs,  it’s  also  possible  to 
go  the  other  way,  aggregating  server  CPUs  and 
even  sub-CPU  VMs  into  a  single,  virtualized  SMP 
system. 

Carmine  Iannace,  manager  of  IT  architecture  at 
Welch  Foods  Inc.  in  Concord,  Mass.,  says  the  one 
thing  he  hasn’t  virtualized  is  his  collection  of  Oracle 
database  servers,  which  need  at  least  four  proces¬ 
sors.  VMware  currently  limits  VMs  to  two  proces¬ 
sors  each,  so  he  is  waiting  for  quad-processor  sup¬ 
port,  which  the  vendor  plans  to  ship  later  this  year. 

VFe,  a  product  announced  by  start-up  Virtual  Iron 
Software  Inc.  in  Acton,  Mass.,  will  support  up  to  16 
processors  per  VM.  The  system  will  initially  support 
only  Linux  VMs;  its  16-processor  limit  reflects  the 
maximum  SMP  configuration  currently  supported  by 


Linux.  VFe  uses  high-speed,  low-latency  InfiniBand 
host  bus  adapters  and  switches  to  interconnect  the 
physical  processors.  But  Iannace  worries  that  taking 
this  approach  would  add  too  much  expense  for  his 
application.  InfiniBand  “has  to  become  a  commodity 
item  to  be  useful,”  he  says. 

Another  product,  Virtuozzo,  from  SWsoft  Inc.  in 
Herndon,  Va.,  supports  virtual  SMPs  as  large  as  the 
physical  host  system.  It  can  support  Linux  or  Win¬ 
dows  Server  2003  VMs  —  but  not  both  —  on  the 
same  physical  hardware.  Jack  Henry  &  Associates 
Inc.,  a  Lenexa,  Kan.-based  developer  of 
software  for  banks,  is  testing  Virtuozzo 
to  meet  both  scale-up  and  scale-out 
requirements.  The  company’s  system 
architecture  includes  several  compo¬ 
nents  and  requires  multiple  servers. 

Since  everything  runs  on  Windows 
Server  2003,  Jack  Henry  &  Associates 
can  leverage  Virtuozzo  VMs  to  consoli¬ 
date  the  system  onto  fewer  servers,  including  virtual 
SMPs  that  range  from  two  to  eight  processors. 

“In  banks,  real  estate  is  at  a  premium,  so  the  foot¬ 
print  of  the  hardware  is  a  huge  consideration,”  says 
Barry  LaLone,  server  platform  architect.  Because 
Virtuozzo’s  technology  doesn’t  replicate  the  entire 


operating  system  within  each  VM,  the  complete  sys¬ 
tem  —  12  VMs  in  all  —  can  run  using  just  two  Win¬ 
dows  Server  2003  licenses.  With  VMware’s  scheme, 
LaLone  says,  he  would  have  had  to  pay  for  all  12. 

Virtual  Data  Center 

Ultimately,  virtualization  will  become  just  a  standard 
layer  of  the  infrastructure  stack,  predicts  Karthik 
Rau,  director  of  product  management  at  VMware. 

IBM  has  its  own  virtualization  technology  for  its 
midrange  and  mainframe  systems,  and  Dessau  says 
the  company  is  building  tools  for  a 
world  where  IT  must  manage  a  mix  of 
VMs  running  on  mainframe,  midrange 
and  x86  processors,  and  where  “islands 
of  virtualization  are  interconnected 
across  the  enterprise.”  Tools  such  as 
Tivoli  will  manage  these  resources  and 
dynamically  configure  and  provision 
virtualized  resources  as  needed, 

Dessau  says. 

But  for  most  users,  the  immediate  benefits  are 
what  matters.  “Virtualization  lends  itself  to  virtual 
firewalls,  application  isolation,  all  kinds  of  neat 
things,”  says  Welch’s  Iannace.  “It’s  a  very  cost-effec¬ 
tive,  efficient  and  reproducible  approach.”  ©  53725 


VENDORS  AND  TRICKS 

For  a  list  of  VM  vendors,  go  to  our 
Web  site:  QuickLink  53833 

To  learn  more  about  how  vendors 
create  VMs  that  perform  well  on 
x86-based  machines,  visit: 

QuickLink  53832 
www.computerworld.com 
STAYING
OUT  IN


That’s  the  approach  taken 
at  HP  Labs,  whether  they’re 
looking  one  year  down  the 
road  or  a  decade  ahead. 
By  Gary  H.  Anthes 


YOU  CAN  HARDLY  pick  up 
a  business  or  IT  publica¬ 
tion  these  days  without 
finding  someone  exhort¬ 
ing  Hewlett-Packard  Co. 
to  “reinvent”  itself. 

Regardless  of  how,  or  if,  new  CEO 
Mark  Hurd  does  that,  IT  seems  likely 
to  go  on  quietly  reinventing  itself  in¬ 
side  HP  Laboratories.  The  labs  may  get 
only  5%  of  HP’s  total  research  and  de¬ 
velopment  budget,  but  they’re  working 
on  a  broad  array  of  technologies,  from 
data  center  management  tools  that  are 
expected  to  find  commercial  applica¬ 


tions  next  year,  to  new  computer  archi¬ 
tectures  that  won’t  hit  the  marketplace 
for  at  least  seven  years,  if  ever. 

“We  try  to  be  out  in  front  of  the 
company,”  says  Robert  F.  Waites,  direc¬ 
tor  of  strategic  planning  at  HP  Labs 
in  Palo  Alto,  Calif.  “We  try  to  skate  to 
where  the  hockey  puck  will  be,  not 
where  it  is  today.” 

Many  of  HP  Labs’  700  employees  are 
now  skating  toward  a  “reinvention  of 
the  economics  of  IT,”  one  of  six  broad 
research  areas  that  includes  projects 
in  grid  and  utility  computing,  self¬ 
managing  systems,  virtualization  and 
smart  data  centers. 

“The  most  fruitful  places  to  inno¬ 
vate  are  now  above  the  commodity  op¬ 
erating  system  and  CPU  chips,”  Waites 
says.  “We  have  very  little  work  going 
on  in  CPU  architectures,  but  20  years 
ago,  that  was  a  dominant  research 
program.” 

What’s  in  Store  Near  Term 

Beth  Keer,  manager  of  storage  systems 
research,  says  most  IT  shops  spend 
80%  of  their  budgets  on  hardware  and 
software  maintenance.  The  goal  of  a 
suite  of  projects  at  HP  Labs  is  to  knock 
that  down  by  almost  half.  The  key  is  to 
automate  IT  tasks  such  as  provisioning 
disk  arrays  and  configuring 
networks,  she  says. 

“There  are  many  steps,  and 
if  you  screw  it  up,  you  are 
in  big  trouble.  And  because 
these  tasks  are  repetitive  and 
complex,  they  are  not  a  good  fit  for 
human  cognitive  skills,”  Keer  says. 

Projects  that  attack  this  problem  lie 
in  two  broad  areas:  virtualization,  and 
automated  management  and  control. 
They  include  the  following: 


■ SoftUDC. The software-based Utility Data Center is a prototype tool for virtualizing server, network and storage resources. It creates a logical layer across disparate hardware and a single, centrally managed pool of resources.


■ FAB. The Federated Array of Bricks consists of low-cost, industry-standard hardware and proprietary software that allows easy provisioning of storage systems. A “brick” holds a number of disks and a CPU controller. Additional bricks can be snapped in for “capacity on demand,” with the Linux-based software automatically striping data across the bricks and providing for redundancy in case of failure.


■ SLIC. Statistical Learning, Inference and Control tools use pattern recognition and probabilistic models to identify aberrant system behavior. Research is now focusing on forecasting problems.


■ Smart Data Center. This project involves figuring out how to better cool ultradense components such as blade servers while saving on energy costs. “Dynamic smart cooling” uses thermal modeling, networked sensors and even robots to lower cooling costs by 70%, HP claims.

Keer seems undeterred by the technical challenges in her work, but she acknowledges some doubts on the user front. “There are some human factors about people’s reluctance to adopt new technologies,” Keer says. “If they can’t see what’s going on, do they trust the automation?”

Longer-Term  Goals 

While  Keer  works  on  things  that  have 
one  foot  in  the  marketplace,  HP  Labs’ 
Duncan  Stewart  is  focused  on  some¬ 
thing  unlikely  to  have  any  payoff  for 
seven  to  10  years.  The  research  physi¬ 
cist  and  his  colleagues  are  hoping  to 
shrink  computers  to  almost  unimagin¬ 
ably  tiny  dimensions. 

For  more  than  six  years,  HP  Labs  has 
been  inventing  a  radical  new  approach 
to  computing  based  on  crossbar  tech¬ 
nology.  HP’s  crossbars  are  molecular- 
scale  circuits  consisting  of 
grids  of  wires  whose  intersec¬ 
tions  can  be  populated,  by 
programming,  with  various 
devices  such  as  resistors, 
diodes  and  switches.  Several 
years  ago,  HP  showed  that  these  cross¬ 
bar  arrays  could  be  used  to  make  mem¬ 
ory  and  very  simple  logic  circuits  far 
smaller  than  equivalent  circuits  made 
from  silicon  transistors. 

But  HP  found  two  show-stoppers 
on  the  way  to  making  a  practical 
computer:  There  seemed  to  be  no 
way  to  restore  degraded  signals  as 
they  traveled  from  one  logic  gate 
to  another  and  no  way  to  do  signal 
inversion,  which  is  necessary  to  per¬ 
form  the  Boolean  NOT  operation. 
Both  functions  are  a  cinch  with  silicon 
transistors. 

Then,  in  February,  HP  Labs  an¬ 
nounced  a  breakthrough  —  a  way  to 
perform  both  signal  restoration  and 
inversion  using  a  pair  of  very  simple 
molecular-scale  switches  combined 
into  a  crossbar  latch. 

“Latches  are  the  glue  that  holds 
together  all  of  the  different  pieces  of 
memory  and  logic  inside  of  a  proces¬ 
sor,”  Stewart  says.  “That  was  the  miss¬ 
ing  piece  that  will  enable  all  kinds  of 
computing  to  be  done  at  the  molecular 
scale.  We  are  going  to  build  the  small¬ 
est  computer  in  the  world.” 
in HP Labs’ smart data center, where researchers are working on “dynamic smart cooling” technology.
Meanwhile,  conventional  chips  will
become  extremely  difficult  and  ex¬ 
pensive  to  make  as  they  get  smaller. 

A  published  road  map  for  the  semi¬ 
conductor  industry  has  the  smallest 
distances  between  wires  on  a  memory 
chip  shrinking  from  90  nanometers 
today  to  65nm  in  2007,  to  45nm  in 
2010,  to  32nm  in  2013  and  on  down 
from  there. 

“What  they  are  going  to  do  12  years 
from  now  is  mapped  out,  but  they 
don’t  have  a  clue  how  to  do  that,”  says 
Stewart.  “In  fact,  they  think  they  may 
not  be  able  to  do  it.” 

The  32nm  milestone  is  “a  reasonable 
place  for  us  to  inject  some  of  these 
ideas,”  he  says.  The  idea  isn’t  to  re¬ 
place  silicon  transistors  but  to  build 
certain  devices,  such  as  ultradense 
memories,  on  top  of  CMOS  chips. 
Stewart  says  HP  hopes  to  eventually 
build  crossbar  devices  smaller  than 
3nm. 

Meyya  Meyyappan,  director  of  the 
Center  for  Nanotechnology  at  NASA’s 


Ames  Research  Center,  says  it’s  too 
early  to  say  whether  HP  will  succeed. 
“Until  today,  everyone  was  doing 
straightforward  silicon  CMOS-like 
technology,”  he  says.  “As  such,  there 
was  nothing  novel.  But  the  crossbar 
architecture  is  a  novel  concept  with 
the  potential  to  lead  toward  future- 
generation  electronics.” 

One  application  of  these  Lilliputian 
computers  might  be  to  give  tiny  sen¬ 
sors,  or  “motes,”  enough  processing 
power  to  perform  very  compute¬ 
intensive  functions.  For  example, 
Stewart  says,  “if  I  can  deliver  you  a 
very  small  computer  —  a  few  microns 
square  —  that  can  run  on  power  it 
soaks  up  from  the  environment,  then 
things  like  RFID  tags  can  have  cryp¬ 
tography.” 

Could  there  be  more  show-stoppers? 
“The  biggest  one  I’ve  seen  in  research 
labs  is  economics,”  Stewart  says,  after 
some  thought.  “When  your  technology 
is  actually  ready  to  go,  the  market  may 
not  be  ready  for  it.”  O  53594 
Firewall Request Gets Third Degree

Our security manager must conduct due diligence before allowing a partner company to transfer data. By Mathias Thurman


Other departments frequently ask me to approve firewall modifications to allow applications to “talk” to one another. This past week, one of the business units asked permission to open our external firewall to enable a business partner to transfer data to one of our quality assurance (QA) servers for testing.

This request was related to our education sales Web site. We sell online, in-house and computer-based training materials, as well as books and other publications, all geared toward teaching customers how to use our products. When revenue generation is involved, my review is more thorough, and that was my approach this time, even though it was for a QA environment.

I asked to see the network diagrams, data flows and the nature of the data to be transferred. While these are vital elements for deciding whether an external entity will be allowed to transfer data to our company, I usually ask for this information even when the request is internal.

By reviewing the network diagrams, I was able to learn about the other resources that are trusted by the QA server and environment. Sometimes network diagrams show that other critical servers or networks trust the affected system. If a server that’s trusted by another sensitive resource is compromised, it’s a trivial thing for a hacker to take advantage of that trust relationship. For this environment, the QA server was on a segregated network shared only by another QA server, which had been set up as a standby.

As for data flows, they depict how data moves from one entity to another within an application. They usually show information about things such as encryption, data in transit, data at rest and backup. In this case, I wanted to understand how the data would get from the external partner to our infrastructure, where the data would move to within our environment and, of course, the nature of the data.

From a legal and privacy perspective, the nature of the data that will be transmitted is probably one of the most important factors. The business units always play this down, suggesting that it’s “just some data.” But “just some data” usually turns out to include private information. In this case, there were customer names, mailing addresses, e-mail addresses and phone numbers. We have agreements with other vendors to sell our training materials, and this particular request entailed the vendor sending enrollment data from its site, where the training was purchased, to our site.

For this application, I insisted that the data in transit flow from the external business partner to our QA server over an encrypted format such as Secure Sockets Layer (the HTTPS protocol). And I was uncomfortable with the idea of all the customer data residing in plain text within the database, so several of the fields have to be encrypted.

In addition, I ordered a vulnerability assessment to be performed against our QA environment. The QA environment is supposed to mirror the production environment, so an assessment of the QA server would indicate what to expect within production.

Assessing  Vulnerability 

The vulnerability assessment entails running a couple of tools against the QA server. The first is Nessus, a freely available port scanner that typically indicates how vulnerable the server is to some common threats as a result of configuration errors, outdated patches or other vulnerable services. The other is an application security scanning tool that assesses the application (as opposed to the server and operating system) for improperly coded applications or improperly configured Web servers.

The vulnerability assessment found that the only glaring hole for this application was in the Apache Web server, which was configured to display directory listings. This is a common configuration error within the Web server software. With directory listings displayable, a would-be hacker could find some files containing sensitive data and gain unauthorized access. The fix is simple: You create a file called .htaccess and place a certain directive within that file that prevents the directory listing. The directive is something similar to “IndexIgnore *” with the asterisk serving as a placeholder for any of many approaches to limit access or viewing of directories using the browser.
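Added example (not from the column or from the Apache project): a small Python check that models how `Options` and `IndexIgnore` in one configuration scope decide whether a directory listing is served, comparing the column's `IndexIgnore *` approach with `Options -Indexes`. The sample directive text is constructed, and the model assumes mod_autoindex is loaded and that no DirectoryIndex file is present in the directory.

```python
"""Added example: classify directory-listing exposure from Apache directives.

Simplified model of a single scope (one .htaccess file or <Directory> block).
Assumptions: mod_autoindex is loaded, and the directory holds no
DirectoryIndex file such as index.html.
"""

INDEX_OPTS = {"indexes", "all"}  # "All" includes Indexes


def _apply_options(args, indexes):
    """Apply one Options directive and return the new Indexes state."""
    opts = [a.lower() for a in args]
    signed = [o for o in opts if o[0] in "+-"]
    if signed and len(signed) != len(opts):
        # Mixing "+Foo"/"-Foo" with bare keywords is a configuration error.
        raise ValueError("Options mixes signed and unsigned keywords")
    if not signed:
        # Unsigned keywords replace the inherited option set outright.
        return any(o in INDEX_OPTS for o in opts)
    for o in opts:
        # Signed keywords are merged into the inherited set, left to right.
        if o[1:] in INDEX_OPTS:
            indexes = o[0] == "+"
    return indexes


def audit_scope(text, inherited_indexes):
    """Return 'exposed', 'empty-listing' or 'disabled' for one scope.

    text              -- directives, one per line
    inherited_indexes -- True if the enclosing scope already enables Indexes
    """
    indexes = inherited_indexes
    hide_all = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        name = name.lower()  # directive names are case-insensitive
        if name == "options":
            indexes = _apply_options(args, indexes)
        elif name == "indexignore" and "*" in args:
            # Hides every entry from the generated page; the page itself is
            # still served and files stay fetchable by their exact URL.
            hide_all = True
    if not indexes:
        return "disabled"  # a directory request gets 403, no listing at all
    return "empty-listing" if hide_all else "exposed"


# Constructed samples, not taken from the column's QA server.
AS_FOUND = "Options Indexes FollowSymLinks\n"   # listing enabled
COLUMN_FIX = "# .htaccess\nIndexIgnore *\n"      # needs AllowOverride Indexes
HARDENED = "# .htaccess\nOptions -Indexes\n"     # needs AllowOverride Options


def report():
    """Classify the three samples; the .htaccess ones inherit Indexes=on."""
    return {
        "as_found": audit_scope(AS_FOUND, False),
        "column_fix": audit_scope(COLUMN_FIX, True),
        "hardened": audit_scope(HARDENED, True),
    }


if __name__ == "__main__":
    for label, verdict in report().items():
        print(f"{label:12s} {verdict}")
```

`IndexIgnore *` empties the generated page but leaves autoindex switched on, while `Options -Indexes` turns the listing off for the directory.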

I also asked to see the business partner’s network diagram. Not surprisingly, the company didn’t want to reveal its inner workings, so it required me to sign a nondisclosure agreement, which I readily did after it was reviewed by our legal department. I also requested information that would assure me that the vendor’s infrastructure was secure. In cases like this, I would really like to conduct an assessment of the partner’s site, but our legal department has said no to that type of thing, apparently not wanting to chance that we might mistakenly “scan” or run penetration testing against the wrong site.

We could have hired a third party to do an assessment for us, but the vendor had just received a WebTrust certification. That’s an attestation by management that the systems in question are protected against unauthorized access. Typically, a company will hire a Big Four consulting company to come in, complete a thick questionnaire and run a couple of security scans. If everything looks good, and you’ve paid your $20,000 bill, the consulting firm will allow you to put the WebTrust logo on your Web site.

After all was said and done, I was satisfied with the results from the follow-up assessment and I allowed the firewall rule change. The next step is to assess the production instance of this application, since I can’t assume that the production environment is configured identically to the QA. I

WHAT DO YOU THINK?

This week’s journal is written by a real security manager, “Mathias Thurman,” whose name and employer have been disguised for obvious reasons. Contact him at mathias.thurman@yahoo.com, or join the discussion in our forum: QuickLink a1590

To find a complete archive of our Security Manager’s Journals, go online to computerworld.com/secjournal


SECURITY  LOG 


Security  Bookshelf 

■ Introduction to Computer Security, by Matt Bishop (Addison-Wesley Professional, 2004).

If you’re just getting into the computer security field, this book’s level of technical and mathematical detail probably won’t benefit you. However, I found that it could be used as a reference book for CISSP certifications. The explanations of data integrity models like Bell-LaPadula were very detailed, as were those of some of the other common security models.

- Mathias Thurman

Spyware  Blocker 

Barracuda Networks Inc. has launched Barracuda Spyware Firewall. According to the company, the product blocks spyware downloads using signature- and rule-based techniques; stops viruses through file-type blocking, dual-layer virus checking and decompression of archives; prevents access to spyware Web sites; detects and blocks spyware access to the Internet; and allows Web content filtering to block inappropriate sites. Available in three models beginning June 1, Barracuda Spyware Firewall will be priced from $1,999 to $5,999.


Security ROI Tool

CDW Corp. announced a set of tools to help customers make network security purchase decisions. The CDW Security ROI Toolkit includes the Security Profiler, a Web-based survey that compares companies with peers of the same size and industry on security feature deployment and certain operational metrics. It also includes the ROI Calculator, an application that calculates the return on investment and other financial metrics for customers deploying a particular set of security products.
Dieselpoint  Unveils
Latest  Search  Tool


■  Dieselpoint  Inc.  in  Chicago  has 
announced  Version  3.5  of  Diesel¬ 
point  Search.  Enhancements  in¬ 
clude  new  indexing  and  logging 
features,  extended  support  for 
wild-card-based  searches,  and 
secure  search  support  for  sensi¬ 
tive  or  confidential  data,  Diesel¬ 
point  said.  The  all-Java  applica¬ 
tion  is  designed  to  help  users  find 
information  in  data  repositories 
that  include  documents,  databas¬ 
es,  XML  and  other  sources. 
Dieselpoint  3.5  is  available  now 
and  starts  at  $20,000  for  a  mini¬ 
mum  of  two  CPUs. 


PSS  Systems 
Launches  AtlasIPM 

■  PSS  Systems  in  Palo  Alto, 

Calif.,  has  introduced  the  Atlas¬ 
IPM  information  policy  manage¬ 
ment  suite,  a  set  of  software  sys¬ 
tems  that  are  designed  to  help 
companies  automate  the  man¬ 
agement  and  enforcement  of  in¬ 
formation  policies.  The  software 
assists  with  the  retention,  dispo¬ 
sition,  preservation  and  produc¬ 
tion  of  data  stored  on  PCs  and  file 
servers,  the  company  said.  It  in¬ 
cludes  Policy  Atlas,  a  centralized 
policy  repository,  and  Policy 
Point,  a  software  agent  that  can 
be  synchronized  with  Policy  Atlas 
to  determine  when  and  how  to 
dispose  of  a  record.  AtlasIPM 
runs  on  Windows  and  Linux  and 
is  priced  starting  at  $100,000. 


Archiving  Tool  for
Siebel  Apps  Ships

■  Princeton  Softech  Inc.  in 
Princeton,  N.J.,  announced  last 
week  that  it  will  be  launching 
Archive  for  Servers  Siebel  Edi¬ 
tion,  as  well  as  enhancements  to 
Archive  for  DB2  PeopleSoft. 
Princeton  said  the  new  edition  al¬ 
lows  users  to  archive  data  from 
Siebel  application  families  such 
as  Call  Center  and  is  targeted  at 
companies  that  want  to  employ  a 
tiered  data-storage  architecture. 
Archive  for  Servers  Siebel  Edition 
starts  at  $50,000  retail. 


DOUGLAS  SCHWEITZER 


Get  Physical  About 
IT  Security 


A SAN JOSE-BASED medical practice recently notified about 185,000 current and former patients about the theft of their personal information. Stored on two computers, the data was stolen from the medical office during a burglary that occurred March 28 [QuickLink 53707].


Under California law SB 1386, the medical group was required to publicly disclose the computer security breach because the confidential information of California residents may have been compromised. Unfortunately, that law promises to teach both businesses and the public plenty of lessons about insufficient security practices like those highlighted in the San Jose case.

Let’s face it: Hardware and software are usually less secure when they’re located in an open workspace than they are when they’re located in a separate computer room. Security is further decreased when the hardware and/or software is used within a network of computers that aren’t housed at a single location. And the level of vulnerability is even higher when the network extends beyond the organization’s premises. Some assets — like hardware devices and data and software that are stored on file servers, PCs or removable media like tapes and disks — need to be secured physically. Part of physical security is ensuring that only authorized personnel are permitted to transmit data and access devices on LANs.

The National Computer Security Center’s “Glossary of Computer Security Terms” defines physical security as “the application of physical barriers and control procedures as preventive measures or countermeasures against threats to resources and sensitive information.”

According to security expert and author Kevin Beaver, CISSP, “You cannot have any sense of information security if you don’t implement proper physical security measures.”

Douglas Schweitzer is an Internet security specialist. Contact him at douan8ak@juno.com.

Unfortunately, IT departments may disregard physical security, fearing that it’s too expensive or too much of a burden. But effectively controlling physical access to an organization’s facilities should be the security staff’s top concern.

When it comes to physical security, most organizations use one or a combination of mechanisms. Security guards are at the front line and should be trained to restrict the removal of assets from the premises. Among other things, they should be trained to record the identity of anyone removing assets. In addition, an authorization procedure should be established for those occasions when removing hardware and software from the premises is necessary.

A traditional lock is, of course, one of the simplest ways to secure physical access to IT assets. This ubiquitous security system has effectively impeded access for centuries. While it’s decidedly low tech, this approach nevertheless remains appealing to those on a budget, since it’s simple and doesn’t cost very much. If you wish to add another layer to this security model, you can use keys that can’t be duplicated or build “mantraps” in which those who wish to gain entry must pass through two doors, so only one person can enter at a time.

Electronic key cards are another good option, and they provide a higher level of security than the traditional lock-and-key approach. With this technology, a user gains entry by swiping an electronically coded plastic card through a magnetic badge reader. An advantage of key-card systems is that they eliminate some of the management problems that arise when you use locks and keys. For example, if an employee quits and walks off with his card, you don’t have to change the locks; you just deactivate his card.

Perhaps the most intriguing approaches to physical security are those that utilize biometrics. Biometric authentication involves the examination of physical traits of users. The examined feature is compared with stored reference data. Identifiable traits include fingerprints, hand geometry, voice patterns, facial patterns, and iris and retina patterns. Biometrics, or at least the promise of the various technologies involved, is currently at the forefront of thinking about authentication. But organizations have been slow to adopt biometrics, partially because the products available can be expensive and aren’t as foolproof as they should be.

Remembering  that  control  procedures 
are  necessary  for  all  of  the  hardware  and 
software  you  use  will  go  a  long  way  to¬ 
ward  protecting  less-secure  environ¬ 
ments.  Of  course,  the  level  of  access  con¬ 
trol  you  choose  will  have  to  be  adjusted 
depending  upon  the  sensitivity  of  the 
data  being  accessed.  Other  variables  in¬ 
clude  the  significance  of  the  applications 
processed,  the  cost  of  the  equipment  and 
the  availability  of  backup  equipment. 

Because  laptops  are  portable  and 
hence  targets  for  theft  and  misuse,  they 
must  be  included  in  the  security  policy 
equation.  Again,  their  location  and  the 
amount  of  sensitive  data  they  contain 
will  determine  how  much  physical  secu¬ 
rity  they  require. 

This may sound basic, and it is. But any comprehensive security plan has to start with physical security.

Q&A

Scholars  &  Barbarians 

John  Markoff  talks  about  his  book,  What 
the  Dormouse  Said . . .,  which  examines  the 
confluence  of  technology,  politics  and 
psychedelics  that  gave  birth  to  the  PC 
and  looks  at  the  continuing  controversy 
over  who  owns  information.  Page  42 


Career  Watch 

Barry  Cohen,  a  vice  president  at  Wells 
Real  Estate  Funds,  answers  a  reader’s 
question  about  the  value  of  certifica¬ 
tions.  Plus,  aid  for  the  laid-off  employ¬ 
ees  of  PeopleSoft;  and  a  wealth  gap  for 
knowledge  workers.  Page  45 


OPINION 

The  Hard  Facts 
About  Process 

No  time  to  follow  standard 
processes?  John  Columbus 
warns  that  the  minutes  you  save 
today  may  cost  you  hours  and 
dollars  tomorrow.  Page  46 


Interim  CIOs  play  many 
roles,  from  savior  to 
enforcer,  but  good 
cop  or  bad,  they  act 
quickly  and  move  on. 
BY  MARY  K.  PRATT 


Pete Shelkin’s tenure as CIO at San Juan Regional Medical Center lasted four months, a short stint even by today’s fast-paced standards. Still, Shelkin achieved his goal, which was to devise a plan to push the Farmington, N.M.-based hospital’s IT operations to a new level of performance.

Most  CIOs  would  want  more  time  to  tackle 
such  a  task,  but  Shelkin  figures  the  brevity  of 
his  assignment  helped  him.  “When  you’re 
coming  in  as  an  interim  [CIO],  you’re  looking 
to  figure  out  what  the  organization  needs 
done  and  get  it  done  quickly  without  setting 
your  own  tone,”  he  says. 
Despite the fleeting nature of their work, temporary CIOs like Shelkin say they’re expected to do much more than provide caretaker services. They’re often hired to turn around departments, develop strategies and drive change. As tough as that can be for full-fledged executives, those in interim positions say their jobs come with extra challenges that demand a separate set of skills. They say they’re fully up to the task.

“A temporary CIO needs to be a politician, analyst and therapist,” says Tom Costello, president and CEO of UpStreme Inc., a consulting firm in Malvern, Pa.

That’s just the start. Interim CIOs, like their permanent counterparts, must understand how technology supports a company’s business goals, experts say. But because of the job’s condensed time frame — temporary CIOs say the length of their assignments ranges from a few weeks to more than a year — they must be able to move more quickly than permanent execs.

Paul M. Lemerise, a partner at Atlanta-based Tatum Partners LLP, started in January as interim CIO at Pharmavite LLC, a Northridge, Calif.-based vitamin manufacturer and distributor. He has already restructured Pharmavite’s IT organization.

But Lemerise says the ability to act quickly is only one of the skills he needs. Prior experience is a must, and experience with turnaround situations is also crucial. “Otherwise,” he says, “you’ll fail miserably.”

Still, temp execs say that’s not enough. They must bridge business and technology, handle staffing issues, oversee projects and deployments — the usual tasks of any CIO — but with neither an in-depth understanding of a company’s history nor a network of familiar co-workers.

PAUL M. LEMERISE has worked for start-ups and multibillion-dollar corporations during his 30-year career. His experience spans all aspects of IT.

Now he’s on the market, looking to rent out his expertise.

A partner at Tatum Partners, Lemerise is no longer interested in a permanent executive position.

He has his reasons. “I like the challenge of things being messed up,” he says.

That’s a common sentiment among those who opt for temporary CIO assignments. They say companies frequently need interim CIOs when IT departments are in disarray. The challenge of setting the IT groups straight draws them to the work.

“I really like the idea of getting in, helping them and then getting out of the way,” says Tom Costello, president and CEO of UpStreme.

Costello has served as a temporary CIO seven times since 1998. His assignments have lasted about four months on average.

The money isn’t bad, either. Several temporary CIOs put the earnings of those in the field at one and a half to three times those of their permanent counterparts.

But, they stress, that’s not what keeps them looking for those temporary jobs.

Pete Shelkin works both at his own company, Shelkin Consulting LLC in Yellow Springs, Ohio, and as an associate at Alliance Information Management Inc., a Fargo, N.D., consulting firm. He recently served four months as interim CIO at San Juan Regional Medical Center in Farmington, N.M., commuting to his Ohio home on weekends.

Hospital officials made it clear that he could have the post permanently, but Shelkin wasn’t interested. “I thrive on walking into a situation that’s not at its best and helping get it to a state where it is running its best,” he says. “When things are running smoothly, I get bored.”

- Mary K. Pratt

Marc  Grossman,  president  of  New 
York-based  Smart  Solutions  for  Health 
Care,  places  CIOs  into  interim  posi¬ 
tions  in  the  health  care  industry.  He 
does  his  homework  before  matching 
executives  with  clients. 

He  recently  placed  a  temporary  CIO 
at  a  250-bed  facility  in  the  Northeast. 
Before  making  the  placement,  he  asked 
a  host  of  questions:  Why  did  the  previ¬ 
ous  CIO  leave?  Does  the  CIO  report  to 
the  CEO  or  chief  financial  officer? 
What’s  the  CEO’s  management  style? 

Grossman  chose  a  colleague  who  so 
far  seems  to  be  the  right  fit:  The  indi¬ 
vidual  has  a  strong  technical  back¬ 
ground,  is  familiar  with  the  hospital’s 
systems  and  will  be  able  to  implement 
plans  without  ruffling  feathers. 

That  last  trait  is  often  critical,  ex¬ 
perts  say.  Temporary  CIOs  must  deal 
with  a  tangle  of  personal  and  profes¬ 
sional  dynamics  unique  to  their  situa¬ 
tions.  Consider,  for  example,  working 
in  the  top  IT  spot  after  the  previous 
CIO  was  fired.  “You’re  dealing  with 
people  who  are  friends  of  the  CIO,  en¬ 
emies  of  the  CIO  and  constituents  of 
the  previous  CIO,”  Costello  says.  “All 
these  people  are  getting  in  the  mix.” 

Given  that,  Lemerise  says,  interim 
CIOs  must  learn  to  use  their  influence 
quickly  and  effectively.  “You  have  ab¬ 
solutely  no  span  of  control;  you  have 
tremendous  span  of  influence,”  he  says. 


Someone  skilled  at  influencing  is  a 
valuable  asset,  says  Larry  Johnson,  CIO 
for  the  government  of  South  Carolina. 
“When  you’re  in  an  interim  position, 
you  have  to  be  able  to  facilitate  agree¬ 
ment  among  different  parties.  As  an  in¬ 
terim,  you  don’t  come  in  with  a  huge 
stick,”  he  says. 

When  Johnson  needed  an  interim 
CIO  at  a  state  agency,  he  named  a 
woman  who  had  been  running  an  ap¬ 
plication  development  organization  for 
a  different  state  office.  “This  is  an 
agency  that  wanted  change,”  he  says, 
explaining  that  the  woman  has  been 
charged  with  developing  a  plan  to  up¬ 
grade  the  agency’s  infrastructure. 

“She  has  some  built-in  credibility  be¬ 
cause  she  comes  in  from  the  outside,” 
he  explains.  “She  can  move  forward 
change  and  get  people  moving  without 
worrying  too  much  about  whether  this 
person’s  going  to  hate  me  in  a  year.” 

Johnson  also  says  he  picked  her 
because  she’s  good  at  getting  people 
to  talk. 

Bad  Cop 

Other  interim  CIOs  say  that  they’re 
brought  in  specifically  to  be  the  “bad 
guy”  —  to  get  in,  push  through  change, 
then  move  on  so  the  permanent  CIO 
can  come  in  with  a  clean  slate.  “Orga¬ 
nizations  look  to  the  interim  CIO  to  do 
some  of  the  dirty  work,”  Shelkin  says. 
“Bringing  about  change,  you  may  cre¬ 
ate  some  enemies  along  the  way.  There 
just  may  be  no  easy  way  to  get  things 
done  without  having  people  hold 
grudges  later.  So  having  an  interim  guy 
come  in  —  it’s  sort  of  ‘good  cop,  bad 
cop.’  The  permanent  CIO  can  come  in 
without  any  of  the  baggage  of  having 
made  choices  that  were  unpopular 
with  some  people.” 

Steve  Fleagle  became  interim  CIO  of 
the  University  of  Iowa  in  Iowa  City  in 
January  2004,  a  promotion  from  his  job 
as  director  of  telecommunication  and 
network  services.  He  expects  to  stay  on 
as  interim  until  July,  although  he’s  also 
a  candidate  for  the  permanent  post. 

Fleagle  sees  limits  to  the  amount  of 
strategic  change  a  temporary  exec  can 
—  or  should  —  undertake.  “I’d  hate  to 
take  the  organization  off  in  one  direc¬ 
tion  and  then  have  the  next  CIO  take  it 
off  in  another  direction,”  he  says. 

Budget  decisions  illustrate  his  point: 
Fleagle  struggled  when  he  had  to  make 
cuts,  trying  to  figure  out  what  effect 
his  choices  would  have  on  the  strategic 
options  he’d  leave  for  his  permanent 
replacement. 

Despite the limits inherent in his temporary post, Fleagle says the university had no choice but to fill the CIO spot — even if it was with a temporary leader.

“I think that we’ve been steadily building momentum in the past 10 years,” he says, “and my role is to continue the momentum.”


Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her  at 
marykpratt@verizon.net. 
DISSENTING  OPINION

DESPITE  THE  SUCCESS  of  many 
interim  CIOs,  not  everyone  is  sold  on 
the  concept. 

“When  someone  isn’t  tied  into  the 
strategy  and  vision  right  from  the 
outset,  it  becomes  difficult  for  the 
person  to  add  value  from  a  strategic 
position,”  says  Umesh  Ramakrishnan,
Cleveland-based  vice  chairman
of  Christian  &  Timbers,  a  New  York 
executive  search  firm. 

Ramakrishnan  says  companies 
shouldn’t  use  temporary  CIOs  for 
strategic  planning  because  they 
could  misinterpret  the  company’s 
vision  or  devise  a  technology  plan 
that’s  out  of  sync  with  the  company’s 
goals.  He  says  the  CEO  or  CFO  should 
handle  strategic  planning  when  the 
CIO’s  post  is  suddenly  vacant. 

Better  still,  he  says,  companies 
should  plan  for  such  scenarios:  “If 
there’s  a  strong  succession  plan,  the 
loss  of  a  CIO  is  not  going  to  destabi¬ 
lize  the  company.  The  No.  2  can 
step  in  and  take  care  of  things.” 

Michael  Gerrard,  an  analyst  at 
Gartner  Inc.,  agrees  that  the  value  of 
temporary  CIOs  is  limited.  He  says 
they  can  be  useful  when  a  company 
isn’t  happy  with  the  outgoing  CIO’s 
approach  but  isn’t  clear  about  what 
it  wants  next.  They  can  be  valuable 
in  caretaker  roles,  too,  particularly 
at  companies  where  IT  is  more  tacti¬ 
cal  than  strategic. 

But  companies  where  CIOs  are 
truly  part  of  the  executive  team 
aren’t  well  served  by  hiring  someone 
temporarily,  he  says. 

“To  try  to  fill  that  kind  of  role  on  a 
temporary  basis  would  be  extremely 
difficult,”  Gerrard  says.  “They  don’t 
have  enough  business  knowledge  to 
be  effective.” 

-  Mary  K.  Pratt 

What  the  Dormouse  Said . . . : 
How  the  60s  Counterculture 
Shaped  the  Personal  Computer 
Industry  is  John  Markoff’s  fasci¬ 
nating  look  at  the  unique  nexus 
of  technology,  politics  and  psy¬ 
chedelics  that  gave  birth  to  the  PC.  Markoff  talked 
with  Kathleen  Melymuka  about  the  two  very  different 
philosophical  approaches  to  information  that  divided 
the  nascent  industry  at  that  time  and  still  do  today. 

In a nutshell, how did the ’60s counterculture contribute to the development of personal computing?

Technologies don’t happen in a vacuum. They’re shaped by the society and the politics and all kinds of things. There was a remarkable convergence around Stanford in the ’60s — an intersection of counterculture, people developing a new technology and politics, and it was all tied together in a remarkable way.

The shaping of the PC industry is about values — about a collision between the profit motive and the urge to share that has defined the industry and the entire digital world. It’s a remarkable collision, and it began at the moment that the PC industry began.

I think that readers will be amazed at the amount of LSD use among computer engineers of Northern California’s Midpeninsula area at the time. Was that just part of the cultural wallpaper, or did it actually affect the development of personal computing?

There was a search for ways to expand the mind that took a variety of forms — everything from drugs to Doug Engelbart’s development of Augment, the information retrieval system that’s the precursor for all the work done at [the Palo Alto Research Center], which was the precursor for all the work done at Apple and Microsoft. That’s a direct line. And Augment was an example of Doug’s passion to build a tool to augment human intelligence. That happened at the same time there was a lot of exploration of some of the limits of human consciousness. Some of it shows up in psychedelic drugs, some in these tools, some in Zen and EST — it was all happening in the same time, and it’s impossible to unwind them. A community of people was doing all kinds of experimenting with technology and psychedelics.

One of your recurring themes is what you call the fault line between the profit motive and the conviction that information should be shared freely. Did that tension affect the early development of the PC?

It was so much a part of stuff that happened at the MIT AI lab and later at the Stanford AI lab and later at the Homebrew Hobbyists Club. It was the spark that set off the computer industry. [Steve] Wozniak designed the Apple I just to have a computer to share with his friends at the Homebrew club. Steve Jobs understood there could be a market for that and created the Apple II. You can see the tension in the relationship between Jobs and Wozniak, and it was writ large in the club.

Is that tension still affecting progress in information technology?

Yeah. Ask Bill Gates what his principal competition is, and he’ll say the open-source community. Not only is Microsoft embroiled in that same tension, now as the entire world becomes digitized, that tension is spreading everywhere: the sciences, entertainment. It’s ironic that with the fall of communism we thought the world would be this uniform capitalist place, but it turns out there’s this alternative economic approach that is probably going to define the next two or three decades.


The  Crucible  of  Culture


It  is  not  a  coincidence  that  although  it  was  at  the  periphery  of 
the  established  computing  world,  California  is  where  personal 
computing  first  emerged.  For  most  of  its  history,  the  computing 
establishment  had  been  centered  in  the  upstate  New  York  main¬ 
frame  factories  of  IBM  and  in  the  research  laboratories  and  the 
emerging  high-technology  world  surrounding  MIT  and  Cambridge. 
Beginning  in  the  '60s,  however,  the  Midpeninsula,  a  relatively  small 
region  located  between  San  Jose  and  San  Francisco,  became  a 
crucible  not  only  for  political  protest  and  a  thriving  counterculture 
but  also  for  a  new  set  of  computing  paradigms. 

An  argument  can  be  made  that  the  seeds  of  personal  computing 
were  planted  simultaneously  on  both  the  East  and  West  coasts. 
Certainly  the  idea  of  a  single-user  computer  was  alive  around  Route 
128  in  Massachusetts  as  well  as  on  the  Midpeninsula  in  the  1960s. 

With  figures  like  Ivan  E.  Sutherland,  Vannevar  Bush,  J.C.R.  Licklider,
Robert  Taylor,  Theodor  Nelson  and  the  computer  hackers  at
MIT,  all  of  the  intellectual  ingredients  for  personal  computing  exist¬ 
ed  on  the  East  Coast.  Why,  then,  did  the  passion  for  the  PC  and  lat¬ 
er  the  PC  industry  emerge  first  around  Stanford? 

The  answer  is  that  there  was  no  discrete  technological  straight 
line  to  the  personal  computer  on  the  East  Coast.  What  separated  the 
isolated  experiments  with  small  computers  from  the  full-blown  birth 
of  personal  computing  was  the  West  Coast  realization  that  computing 
was  a  new  medium,  like  books,  records,  movies,  radios  and  televi¬ 
sion.  The  personal  computer  had  the  ability  to  encompass  all  of  the 
media  that  had  come  before  it  and  had  the  additional  benefit  of  ap¬ 
pearing  at  a  time  and  place  where  all  the  old  rules  were  being  ques¬ 
tioned.  Personal  computers  that  were  designed  for  and  belonged  to 
single  individuals  would  emerge  initially  in  concert  with  a  counterculture
that  rejected  authority  and  considered  the  human  spirit  as
able  to  triumph  over  corporate  technology,  not  be  subject  to  it. 

The  East  Coast  computing  culture  didn’t  get  it.  The  old  comput¬ 
ing  world  was  hierarchical  and  conservative.  Years  later,  after  the
PC  was  an  established  reality,  Ken  Olson,  the  founder  of  minicom¬ 
puter  maker  Digital  Equipment  Corp.,  still  didn’t  get  it:  He  publicly 
asserted  that  there  was  no  need  for  a  home  computer. 

In  the  ’60s,  the  community  surrounding  Stanford  University  was 
a  bundle  of  contradictions.  Outwardly,  it  was  a  sleepy  college  com¬ 
munity,  but  there  had  long  been  a  Bohemian  fringe  in  the  Bay  area, 
and  in  the  ’50s  and  early  ’60s  there  was  an  undercurrent  that  ran  at 
cross-purposes  to  the  middle-class  mainstream.  The  Bohemian 
spirit  embodied  by  Dean  Moriarty  in  Jack  Kerouac’s  On  the  Road
animated  a  tiny  counterculture. 

It’s  easy  to  forget  how  different  attitudes  were  toward  drugs  dur¬ 
ing  the  ’60s.  LSD,  in  particular,  has  become  an  incendiary  subject. 
Demonized  today,  its  impact  is  glibly  dismissed.  Yet  four  decades 
ago,  LSD  was  a  defining  force  in  a  cultural  war. 

For  those  who  grew  up  during  the  1960s,  the 
decade  is  still  a  touchstone,  having  transformed 
everyone  who  lived  through  it  -  and  that  is  especially 
true  for  many  of  the  computer  scientists,  entrepre¬ 
neurs  and  hackers. 

Over  a  span  of  three  decades,  much  of  the  original  spirit  of  the 
’60s  has  been  lost.  For  many  today,  the  era  serves  almost  as  a 
historical  Rorschach  test:  either  an  idealistic  moment  in  time  or  a 
target  for  a  conservative  pundit  to  rail  against. 

The  ’60s  serve  a  similar  function  for  attitudes  about  information 
technology.  Today,  the  modern  computer  industry  has  become  divid¬ 
ed  into  two  warring  camps:  On  one  side,  giant  Microsoft  champions 
the  private  ownership  of  information.  Software,  the  company  believes, 
is  a  commodity  to  be  bought,  sold  and  jealously  guarded.  Opposed 
to  Microsoft  are  the  growing  legions  of  computer  programmers  who 
have  formed  an  open-source  movement  that  is  committed  to  the 
idea  that  information  should  be  free  and  that  shared  software  can 
be  used  to  animate  increasingly  powerful  computers. 

The  schism  between  information  propertarians  and  information 
libertarians  divides  not  only  the  computer  industry  but  increasingly 
the  entire  digital  world,  affecting  the  consumer  electronics,  recording
and  motion  picture  industries.  The  defenders  of  information  as
private  property  make  the  case  that  unregulated  information  avail¬ 
ability,  whether  in  the  form  of  file  sharing  or  in  the  doctrines  of  the 
open-source  movement,  is  a  fundamental  threat  to  the  industry  as 
well  as  innovation.  Led  by  Microsoft  and  the  recording  and  film  in¬ 
dustries,  there  is  a  great  cry  that  the  vandals  are  at  the  gates  and 
that  information  sharing  is  the  digital-age  equivalent  of  the  threat 
communism  posed  to  developing  industrialism  in  the  nineteenth 
and  twentieth  centuries. 

When  societal  benefits  are  weighed  against  those  of  private  in¬ 
terests,  however,  the  consequences  of  allowing  information  to  be 
shared  without  restriction  become  more  nuanced.  Consider  the  roots 
of  Silicon  Valley.  The  transistor  was  invented  at  AT&T’s  Bell  Labora¬
tories  in  New  Jersey,  but  the  giant  telecommunications  company 
was  later  forced  to  license  the  invention  freely  under  the  terms  of  an 
antitrust  settlement  with  the  Justice  Department.  The  Valley’s  very 
existence  -  the  product  of  the  most  dramatic  technological  and  en¬ 
trepreneurial  boom  in  the  nation’s  history  -  was  made 
possible  by  the  enforced  availability  of  the  transistor. 

Likewise,  the  hacker’s  ethos  of  sharing  information 
lies  at  the  very  heart  of  the  explosive  growth  of  the 
personal  computer.  It  is  not  a  coincidence  that,  during 
the  ’60s  and  early  ’70s,  at  the  height  of  the  protest
against  the  war  in  Vietnam,  the  civil  rights  movement  and  wide¬ 
spread  experimentation  with  psychedelic  drugs,  personal  comput¬ 
ing  emerged  from  a  handful  of  government  and  corporate-funded 
laboratories,  as  well  as  from  the  work  of  a  small  group  of  hobbyists 
who  were  desperate  to  get  their  hands  on  computers  they  could 
personally  control  and  decide  to  what  uses  it  should  be  put. 

Science  fiction  writer  William  Gibson  has  said,  “The  future’s  al¬ 
ready  arrived:  it’s  just  not  evenly  distributed  yet."  That  observation  is 
particularly  true  of  a  tiny  microcosm  that  was  as  localized  but  has 
become  as  influential  in  the  world  as  fifteenth-century  Florence  was 
when  it  gave  the  world  the  Renaissance  half  a  millennium  ago. 

In  Wake  of  Takeover,  Aid  for  the  Laid


PEOPLESOFT  INC.  co-founder  David  A. 
Duffield  has  established  a  fund  to  aid  for¬ 
mer  employees  who  were  laid  off  as  a 
result  of  Oracle  Corp.’s  takeover  of  the 
company  in  December,  according  to  a 
report  in  The  Wall  Street  Journal. 

The  Journal  says  that  Duffield  -  who
last  year  had  a  net  worth  of  $1.3  billion,
according  to  a  Forbes  magazine  estimate
-  has  pledged  several  million  dollars  to
the  fund.

Laid-off  workers  who  haven’t  landed  a 
new  job  after  three  months  and  whose 
salaries  at  PeopleSoft  were  below 
$150,000  a  year  are  eligible  for  as  much 
as  $10,000  in  emergency  assistance. 


David  Ogden,  a  former  PeopleSoft 
marketing  executive,  is  managing  the 
effort,  known  as  the  Safety  Net.  “We  have 
no  idea  if  we’re  going  to  get  three  appli¬ 
cations  or  300,"  the  Journal  quotes 
Ogden  as  saying.  “We  hope  to  find  the 
people  most  in  need  and  help  them.” 

Only  one  former  employee  has  applied 
so  far,  according  to  Ogden.  Applicants 
are  asked  to  fill  out  a  four-page  form 
about  their  needs,  which  is  then  reviewed 
by  a  five-person  board,  he  said. 

Most  engineers  and  sales  representa¬ 
tives  at  PeopleSoft  have  been  kept  by 
Oracle,  but  most  administrative  and 
marketing  positions  were  eliminated. 




ASK  A  PREMIER  100  LEADER 

Barry Cohen

TITLE: Vice president of applications management

COMPANY: Wells Real Estate Funds, Duluth, Ga.

Cohen  is  this  month’s  guest 
Premier  100  IT  Leader,  an¬ 
swering  an  unemployed 
reader’s  question  about  the 
value  of  certifications. 

If  you  have  a  question 
you'd  like  to  pose  to  one 
of  our  Premier  100  IT  Lead¬ 
ers,  send  it  to  askalea 

,  and 

watch  for  this  column  each 
month. 


I have 15 years’ experience in IT administration - mainframe, file servers, network and help desk, for example - but have been out of work for two years. Here in the Seattle area, about 500 to 1,000 workers respond to every ad for an IT job. I have a bachelor of science degree in electrical and computer engineering. Might certifications help me land a job?

I recently attended Computerworld’s Premier 100 IT Leaders Conference and met several colleagues from the Seattle area. All corroborated your story about the soft job market, but they did say that hiring is picking up. In fact, one company vice president said she would be hiring more than 100 people this year.

As for certifications, they may be helpful if 1) in the process of getting certified you acquire skills that you don't already have and those skills are in high demand, or 2) the certification alone is impressive enough to move you far up the list of the 500 to 1,000 candidates who are applying for the jobs that you mentioned.

I would prefer that you reconsider your tactics and take a different approach to finding your next job - one that is tactical and then strategic. Start by doing a self-assessment and identify all of the IT positions that may be similar to or extensions of what you've done in the past. Then work with a recruiter to understand what skills are in high demand in your area. Match your list with the in-demand list and create a plan to fill in the gaps. You might need only a week or two of training to get there. Don’t be afraid to take any reasonable job to become employed. It’s easier to find a job if you have a job.

For the long term, you will need to rethink your career path. There are many hot areas in IT with high demand and long-term potential, such as IT security, compliance and document management. Also consider which industries are high-growth areas for IT. Matching a highly sought-after skill in a high-growth industry, such as health care, should yield even better results. More extensive education is required to make this type of move, but it will be worth it. Best of luck.


Rosy  Outlook  at  Fast-Growing 
Tech  Companies 


How much will your workforce grow in the next 12 months?

[Pie chart; surviving slice labels: None; it will decline, 1%. No change, 4%. 101%-200%, 2%. Over 200%, 2%.]

How confident are you that your company will sustain its high level of growth over the next 12 months?

[Pie chart; surviving slice labels: Very confident, Somewhat confident, Pessimistic, Extremely confident.]

SOURCE: DELOITTE & TOUCHE LLP 2005 TECHNOLOGY FAST 500 CEO SURVEY, IN WHICH MORE THAN 150 CEOs FROM COMPANIES AMONG THE 500 FASTEST-GROWING TECHNOLOGY COMPANIES IN NORTH AMERICA WERE POLLED DURING Q1 2005.


A  Wealth  Gap  for  Knowledge  Workers 


AN ONGOING STRAW POLL being conducted by New Jersey think tank EraNova Institute has so far found that more knowledge workers rank themselves as being poor or rich than as doing just OK. Of the poll’s first 209 respondents, 27.3% had rated themselves as “poor” (not making enough to pay the bills), 46.9% had rated themselves as “middle” (earning enough to get by), and 25.8% had rated themselves as “rich” (making enough to save and splurge). “More than one in four are telling us they’re not making enough to live on,” says institute director Richard W. Samson. “Are we moving toward a rich/poor economy, in knowledge work as well as society as a whole?”

EraNova is planning a formal study to investigate whether the wealth gap is increasing among the highly educated in the U.S., as it has been among the general population. If it is, says Samson, then changes of many types will be indicated - changes in social policy, education, business management and recommended career pursuits.

“The prevailing assumption,” he says, “is that higher-level skills will fix our employment problems. If you’ve been laid off, just upgrade yourself at a community college or grad school. But what if that assumption's wrong? What if, as many high-tech people with Ph.D.s are telling us, there's a wealth gap no matter what your skill level?”
The straw poll is active and may be taken and viewed at www.eranova.com.
Diversity

■ May 9-11, New York
Sponsor: The Conference Board

The Annual Diversity Conference: The Diversity Performance Factor looks at the latest research, practice and implications of the multicultural marketplace. Topics include succession planning and leadership competence, strategy development, recruitment and development strategies, global diversity and generational differences. www.conference-board.org/conferences/


Security

■ May 11, San Francisco
Sponsor: IDC

Security Forum West: Investigating the Next Frontiers in Security and Business Continuity includes topics such as operating in a corporate environment without traditional "hardened" borders, dealing with hostile user behavior and malicious code eradication, and key components of a comprehensive tool set to combat present and future threats. www.idc.com/events


Supply Chain

■ June 1-3, Scottsdale, Ariz.
Sponsor: AMR Research Inc.

21st Century Market Leadership: The Marriage of Innovation, Operational Excellence and Technology focuses on demand-driven supply networks (DDSN). Topics include the connections between DDSN and stock market value, product innovation, supply strategy and demand management. The conference also looks at operations strategy, lean manufacturing, risks in global trade, and supply chain performance management. www.amrresearch.com/events/


BPM

■ June 8-9, Boston
Sponsor: Delphi Group

The Business Process Management Bootcamp includes workshops on how to pick a process, process prioritization, orchestration and visibility, defining business logic, business rules, the BPM market landscape, differentiating software products and project planning. www.delphigroup.com/events/bootcamp/


JOHN  COLUMBUS 

The  Hard  Facts 
About  Process 


IN  MY  22  years  in  IT,  I’ve  learned  that  companies 
and  people  repeat  the  failures  of  others,  and  one 
of  the  most  often  repeated  mistakes  is  the  failure 
to  follow  standard  processes. 

Good, basic, updated written processes are a proven method for doing quality IT work. If you don’t believe it, try this: Take a piece of paper, write down some complex notes, and put it away for a month. Then take it out. Which will be more exact — your memory, or the “memory” on the piece of paper? If you had a book with 300 pages in it, could you remember the content perfectly and recite it a month later? Most people couldn’t.

In complex situations, we tend to forget steps. If you doubt this, just look at the number of computer program defects produced and the project overruns they cause.

Why  do  we  record  things? 

One  reason  is  to  pass  on  knowledge. 
That  way,  the  next  person  doesn’t  have 
to  relearn  what  we  already  know.  Why 
follow  a  written  process  or  checklist? 
Because  it’s  documented  wisdom  you 
don’t  have  to  relearn. 

Look at your most recent project issue lists. How many problems could have been avoided through the use of checklists? How much time, effort and money might that have saved?

Granted, the time it takes to follow processes may sometimes increase costs on small projects. If you weigh the losses due to process on small projects versus the gains on large projects, however, you’ll find that process is still cost-effective.

Here are some other objections I have often heard about following written processes:

“My ad hoc process is fine.” I hear that a lot, but it’s rarely true. Those who rely on personal “perfect” memory are missing out on the combined wisdom that’s codified into the written process. The number of defects that result from following an ad hoc process will almost certainly be greater than those from following a written process.

“I’m an expert. I make few mistakes, and checklists are a waste of my time.” Sure you’re an expert, but do you have a photographic memory? Remember that 300-page book. Regardless of your subject knowledge or years of experience, your memory won’t be perfect.

It’s true that a senior person avoids more pitfalls than a junior person. Still, experienced airplane pilots wouldn’t dream of taking off without a checklist. No length of experience gives pilots sufficient memory to not need some form of written process for takeoffs and landings, and they’re smart enough to realize that.

“Following processes takes longer and costs more than repairing the defects that may result when processes aren’t followed.” Another illusion. Studies have shown how defects within projects cause overruns. IBM’s “Rule of 10” shows that simple errors in the beginning of a project, if not discovered until the project goes into production, can cost tens or hundreds of thousands of dollars per defect to repair. Based on that study, just one defect found early enough would make following written processes cost-effective.

“Many processes are impossible to follow.” Yes, it’s possible to write processes that are so generic that they apply to nothing. But that’s a failure of the writer, not the concept. Yes, there are plenty of examples of old processes that no longer provide value and have become excellent jokes. But those represent failures to capture continuous learning and embed it in the process.

Processes must be updated with new learning each time they’re used. Companies that expect processes to remain static in a changing world are setting themselves up for failure, but again, this is a failure in documenting continuous learning, not a failure of process itself.

“I have deadline pressures, so I can’t take the time to use checklists.” Without written processes, your limited memory may cause you to make a mistake. History demonstrates that someone will forget something somewhere. You’re gambling that your mistakes will delay you less than the process would have, but remember the IBM Rule of 10: As you get closer to completing the project, the cost of early mistakes gets higher. By the time you realize that you’ve lost the bet, all you can hope for is that no one reminds you about the checklists you ignored.

John Columbus is the owner of Columbus Consulting Group in New Hope, Minn. Contact him at detanyek@hotmail.com.
Project  Manager  (Orlando, 
FL).  Expanding  hospitality 
and  business  management 
company  seeks  software  pro¬ 
fessional  to  plan,  manage, 
and  maintain  various  Internet 
and  business  system  projects 
through  project  life  cycle. 
Prior  project  and  resource 
management  experience  uti¬ 
lizing  web/Internet  technolo¬ 
gies  helpful.  Competitive 
salary.  Mail  resume  to  Avista 
Management  Inc.,  5353 
Conroy  Road,  Suite  200, 
Orlando,  FL  3281.  Attn:  Sofia 
Barnes 

Software  Engineer  (Orlando, 
FL).  Technology  company 
seeks  software  professionals 
to  develop,  and  manage  net¬ 
works  and  systems  by  utiliz¬ 
ing  knowledge  of  Java, 
JavaScript,  C,  C++,  PASCAL, 
HTML,  CISCO  7204,  Real 
Media  Technology  and  DNS 
Server.  Extensive  Knowledge 
in  ColdFusion,  SQL  Server 
2000,  Netscreen  Firewalls, 
and  BIG-IP  Loadbalancers 
preferred.  Competitive  salary. 
Mail  resume  to  Avista 
Management  Inc.,  5353 
Conroy  Road,  Suite  200, 
Orlando,  FL  32811 .  Attn:  Sofia 
Barnes 


Programmer  Analysts  &  Network 
Engineers  for  Chicago,  IL.  P/A: 
Design  &  Develop  software 
applications  using  Oracle,  XML, 
UML,  C++,  Sybase,  Interwoven, 
Coolgen,  ClearCase,  Clear- 
Quest,  PVCS,  UNIX.  Bachelors 
or  Eqv  req'd  in  Computers,  Eng, 
Math  or  related  field  of  study  +2 
yrs  of  related  exp.  May  be  relo¬ 
cated  to  various  unanticipated 
locations  throughout  the  United 
States.  N/E:  Responsible  for 
troubleshooting,  support,  de¬ 
sign,  security,  documentation, 
equipment  configuration  &  per¬ 
formance  of  networks.  Must 
have  expertise  relating  to  SAN, 
Solaris,  HP,  Windows,  Admin, 
Analyst,  Veritas,  Checkpoint. 
Masters  or  Eqv.”  req'd  in  Com¬ 
puters,  Eng.,  Math  or  related 
field  of  study  +  1  yr  of  related 
exp.  (”Eqv.:  Bachelors  or  Eqv.  + 
5  yrs  of  progressive  related  work 
exp).  40  hrs/Wk.  Must  have  le¬ 
gal  authority  to  work  permanent¬ 
ly  in  the  U.S.  Send  resume  to 
HR,  Infobahn  Softworld,  Inc.,  10 
SouthRiversidePlaza.  Ste.1800, 
Chicago,  IL  60606. 


Software  Engineers  for  Kan¬ 
sas  City,  MO.  Design,  develop 
&  test  software  using  Java,  C, 
C++,  VB,  Winrunner,  Tuxedo, 
Eclipse,  Corba,  RMI,  RUP. 
Masters  or  Eqv.”  req'd  in 
Computers,  Eng.,  Math  or 
related  field  +  1  yr  of  related 
exp.  ("Eqv.:  Bachelors  or 
Eqv.  +  5  yrs  of  progressive 
related  work  exp).  40  hrs/Wk. 
Must  have  legal  authority  to 
work  permanently  in  the  U.S. 
Send  resume  to  HR,  Spec¬ 
trum  Informatics,  Inc.,  10116 
N  Bradford  Ave.,  Kansas  City, 
MO  64154. 


Software  Engineers  for  Santa 
Clara,  CA  &  Chicago,  IL:  Design, 
develop  &  test  software  using 
Java,  C,  C++,  VB,  Winrunner, 
Tuxedo,  Eclipse,  Corba,  RMI, 
RUP.  Masters  or  Equivalent** 
req'd  in  Computers,  Engineer¬ 
ing.  Math  or  related  field  of  study 
+  1  yr  of  related  exp.  (**Eqv.: 
Bachelors  or  Eqv.  +  5  yrs  of  pro¬ 
gressive  related  work  exp).  May 
be  relocated  to  various  unantici¬ 
pated  locations  throughout  the 
US.  40  hrs/Wk.  Must  have  legal 
authority  to  work  permanently  in 
the  U.S.  Send  resume  to  HR, 
Infobahn  Softworld,  Inc.,  3140 
De  La  Cruz  Blvd,  Suite  #108, 
Santa  Clara,  CA  95054. 


E  Soft  Inc  has  openings  in  New 
Jersey  and  nationwide  for  Com¬ 
puter  Professionals  with  at  least 
two  years  experience  in  the  fol¬ 
lowing  skills: 

VB,  VBScript,  Delphi,  Java, 
JavaScript,  J2EE,  JVMPI,  JNI, 
EJB,  SOAP,  Jbuilder,  Visual  Age 
for  Java,  Sybase,  C++,  VC++, 
COM,  DCOM,  SQL  Server. 
HTML,  DHTML,  Active  X,  Site 
Server,  IIS,  ASP,  JSP,  Web  logic, 
Web  sphere,  Visual  Source 
Safe,  CORBA,  (Visibroker), 
Codewright,  EDI,  CGI,  Perl, 
CSS,  XML,  XSL,  DSDM,  TCP/ 
IP,  DB2,  UDB,  Stored  Procedur¬ 
es,  MQ  Series,  Oracle  DBA,  MS 
Access,  Oracle,  PL/SQL,  Oracle 
Forms,  Oracle  Reports,  OLAP, 
SAP,  ABAP/4,  MTS,  Site  server, 
ISPF/Spool,  VSAM,  AIX,  Cog- 
nos  Impromptu,  ETL,  Datastage, 
Power  Play,  Business  Objects, 
Mainframes,  SOAP,  Rouge- 
wave,  AS/400  System  Admin, 
WIN  NT/2000,  Unix  &  Shell 
Scripting/Programming,  Linux, 
BSDI,  Clear  case.  Perforce, 
WebDB,  QA  Automated  Testing 
tools,  Winrunner,  Loadrunner, 
Silk. 

Most  positions  require  Bachel¬ 
ors  or  Master  Degree.  Equiva¬ 
lent  Degree  and  experience  is 
accepted.  Candidate  should  be 
willing  to  relocate.  Excellent  Pay 
and  benefits.  Salaries  will  be 
commensurate  w/exp.  and  posi¬ 
tion  sought. 

Email  resumes  to: 
vikram@esoftjobs.com 


Sr  Appl  Supp  Analyst,  NY,  NY: 
Monitor  &  supp  prod  sys  used  in 
equities,  futures  &  opts  trad. 
Eval  &  analyze  client  connect 
req'mnts,  determine  function 
gaps,  make  recomm  to  dev 
team  &  coord  efforts  to  implmnt 
&  test  client  in  prod.  Config  sys 
&  supp  test  &  prod  envir. 
Troubleshoot  &  supp  global  trad 
sys.  Participate  in  connect  & 
trad  sys  des  &  dev  &  dev  proc  to 
streamline  client  setup  &  cert. 
Must  perf  duties  w /  Windows 
2000  Servers  &  XP  Oper  Sys 
envir,  UNIX  Servers,  Stnd  FIX 
Protocol,  Shell  Script,  UNIX-bsd 
Script  lang,  Korn  Shell  Script  & 
Perl  Script.  Req:  BS  in  Comp 
Eng,  Comp  Sci  or  closely  rel 
field  &  5  yrs  relev  exp  in  pos  offd 
or  occup  w/sim  duties  emph 
time-critical  trad  fl  sys  for  fin 
srvcs  firms;  or  MS  in  Com  Eng, 
Comp  Sci  or  closely  rel  field  &  3 
yrs  relev  exp  in  pos  offd  or 
occup  w/sim  duties  emph  time- 
critical  trad  fl  sys  for  fin  srvcs 
firms.  Resume  to  D.  Vitiello, 
Pres.,  Columbia  Tech.  Corp.,  45 
Broadway,  9th  FL,  New  York,  NY 
10006. 


PROGRAMMER/ANALYST 

Permanent  position  at  Missat 
Consulting.  Exp:  3  yrs. 

Skills:  EAI  Components,  Java, 
JMS,  Websphere  MQ,  WBI, 
Neon  Rules  and  Formatter, 
Webmethods,  UNIX  scripts, 
SAP-HR,  PL/SQL,  Oracle. 

Resp:  Analyze  requirements, 
design  &  develop  EAI  Compon¬ 
ents.  Integrate  enterprise  appli¬ 
cations  related  to  heterogenous 
environments. 

Location:East  Brunswick,  NJ 
Tel:  877-483-2112 
Fax:  732-210-0251 
Email:  hrd@missat.com 


Techgene  Solutions  has  open¬ 
ings  for  Software  Engineers  or 
other  IT  staff.  Candidates  must 
have  BS/MS  with  experience. 
Skills  In  Cobol,  JCL,  Oracle, 
SQL,  VB,  C/C++  are  plus.  Travel 
may  be  required  for  some  posi¬ 
tions.  Competitive  salary.  Please 
apply  at  contact@techgene 
com  No  calls.  EOE. 

Synova  has  multiple  openings 
for  Project/Software  Engineers. 
System  Analysts,  DBA.  Our 
clients  include  Fortune  500. 
Candidates  must  have  MS  or  BS 
with  experience.  We  offer  attrac¬ 
tive  wage  with  full  benefits. 
Travel  maybe  required.  Email 
resume  to  ads@svnovainc.com. 
EOE.  No  calls. 


CHIEF  INFORMATION 
OFFICER 
Up  to  $120,000 

The  New  York  Liquidation  Bur¬ 
eau  is  seeking  a  visionary  to  de¬ 
velop,  implement,  and  enforce 
strategic  policies  and  proce¬ 
dures  ensuring  data  reliability 
and  security.  This  highly  motivat¬ 
ed  individual  must  be  knowl¬ 
edgeable  in  Articles  74  and  76  of 
the  New  York  Insurance  Law. 
Essential  skills  require  an  excel¬ 
lent  communicator  and  team 
builder  with  proven  success  in 
management  systems/informa¬ 
tion  technology  at  an  insur¬ 
ance/reinsurance  or  financial  in¬ 
stitution.  Individual  must  also  be 
able  to  provide  executive  leader¬ 
ship  with  broad  experience  in 
managing  diverse  multidiscipli¬ 
nary  technical  teams.  Ideal  can¬ 
didates  must  possess  a  Bachel¬ 
or's  Degree  in  a  related  disci¬ 
pline;  and/or  related  profession¬ 
al  designation  or  graduate  de¬ 
gree.  AS400  and  Novell  LAN 
experience  is  a  must;  familiarity 
with  J.D.  Edwards  financial  soft¬ 
ware  and  NAIC  knowledge  is  a 
plus.  We  offer  extensive  benefits 
and  salary  commensurate  with 
experience.  Please  fax  resume 
with  salary  requirements  to  212- 
349-5810  or  e-mail  to: 

hr@nvlb.oro 

EOE  M/H/FA/ 


MIS  Managers:  Direct  daily  op¬ 
erations  of  department,  analyze 
workflow,  establish  priorities. 
Develop  computer  information 
resources,  provide  data  security 
and  control,  strategic  computing, 
and  disaster  recovery.  Know¬ 
ledge  in  ERP  packages  using 
SAP,  EDI,  Workflow,  Business 
Connector,  .NET,  Business  Ob¬ 
jects,  PeopleSoft,  PeopleTools 
programs  using  ASP,  DB2,  SQL/ 
Oracle,  UNIX/NT.  Req.  M.S.  in 
Comp.  Science  or  Engg.  &  1  yr 
of  exp.  or  B.S.  in  Comp.  Science 
or  Engg.  +5  yrs  of  exp. 

Programmer  Analysts:  Analyze, 
develop  and  test  SAP,  Enter¬ 
prise  Portal,  J2EE,  BSP,  E-Sel¬ 
ling  and  E-Service  using  iVews, 
BW.  PDM,  ABAP,  Netweaver, 
XML  using  database  in  Oracle 
and  SQL  Server.  Req.  Bachelor 
in  Comp.  Science  or  Engg.  Or 
related  and  2  yrs  of  exp. 

Send  resume  to: 

HR. 

IVS  Consulting,  Inc. 

7457  Harwin,  Suite226 
Houston,  TX  77036 
or  E-mail: 

ajay@ivsconsulting.com 


Programmer  Analysts  (P/A)  & 
Software  Engineers  (S/E)  for 
Fremont,  CA,  Warrenville,  IL  & 
Raleigh,  NC.  P/A:  Design  & 
Develop  software  using  Oracle, 
SQL  Server,  Erwin,  Linux, 
Sybase,  XML,  UML,  Interwoven, 
Coolgen,  ClearCase,  Clear- 
Quest,  Plumtree,  PVCS,  UNIX. 
Bachelors  or  Eqv.  req’d  in  Com¬ 
puters,  Eng.  Math  or  related  field 
+2  yrs  of  related  exp.  S/E: 
Design,  develop  &  test  software 
using  Java,  C,  C++,  VB,  Winrun¬ 
ner,  Tuxedo,  Eclipse,  Corba, 
RMI,  RUP.;  Masters  or  Eqv.** 
req'd  in  Computers,  Eng,  math 
or  related  field  of  study  +  1  yr  of 
related  exp.  (**Eqv:  Bachelors 
or  Eqv  +  5  yrs  of  progressive 
related  work  exp.).40  hrs/Wk. 
Must  have  legal  authority  to 
work  permanently  in  the  U.S. 
Send  resume  to  HR,  Global- 
ways,  Inc.,  391 76B,  State  Street, 
Fremont,  CA  94538. 


Frontier  Consulting,  Inc., 
specializing  in  software  de¬ 
velopment  &  professional 
consulting  services  seeks 
an  experienced  program¬ 
mer  analyst  to  design,  main¬ 
tain  &  implement  application 
software  &  develop  graphi¬ 
cal  interface  programming  & 
communication  protocol. 
Send  resume  to:  Frontier 
Consulting,  Inc.,  ATTN: 
Asst.  Personnel  Manager, 
10101  Southwest  Freeway, 
Ste.  202,  Houston,  TX 
77074. 


Programmer  Analysts  (PA)  & 
Software  Engineers  (SE)  for 
Warrenville,  IL  &  Fremont,  CA. 
PA:  Design  &  Develop  software 
using  C++,  Oracle,  Sybase, 
XML,  Coolgen,  Interwoven, 
ClearCase,  ClearQuest,  Plum- 
tree,  ITS.  PVCS, UNIX;  Bach¬ 
elors  or  Eqv.  req'd  in  Computers, 
Eng,  Math  or  any  related  field  of 
study  +  2  yrs  of  related  exp.  SE: 
Design,  develop  &  test  software 
using  Java,  C,  C++,  VB,  Win¬ 
runner,  Tuxedo,  Eclipse,  Corba, 
RMI,  RUP.  Masters  or  Eqv*  req'd 
in  Computers,  Eng,  Math  or 
related  field  of  study  +  1  yr  of 
related  exp.  (*Eqv.:  Bachelors  or 
Eqv.  +  5  yrs  of  progressive  relat¬ 
ed  work  exp).  40  hrs/Wk.  Must 
have  legal  authority  to  work  per¬ 
manently  in  the  U.S.  Send  res¬ 
ume  to  HR,  Softsol  Resources, 
Inc.,  27475  Ferry  Road,  Ste.  110 
Warrenville,  IL  60555. 


Programmer  Analysts  (PA)  & 
Software  Engineers  (SE)  for 
Dallas,  TX  &  S  Plainfield,  NJ. 
PA:  Design  &  Develop  software 
using  Oracle,  Erwin,  XML,  UML, 
C++,  Interwoven,  Coolgen, 
ClearCase,  ClearQuest,  PVCS, 
UNIX;  Bachelors  or  Eqv.  req'd  in 
Computers,  Eng,  Math  or  any 
related  field  of  study  +  2  yrs  of 
related  exp.  S/E:  Design,  devel¬ 
op  &  test  software  using  Java, 
C,  C++,  VB,  Winrunner,  Tuxedo, 
Eclipse,  Corba,  RMI,  RUP.  Mas¬ 
ters  or  Eqv”  req'd  in  Comput¬ 
ers,  Eng,  Math  or  related  field  of 
study  +  1  yr  of  related  exp. 
(“Eqv.:  Bachelors  or  Eqv.  +  5 
yrs  of  progressive  related  work 
exp).  40  hrs/Wk.  Must  have 
legal  authority  to  work  perma¬ 
nently  in  the  U.S.  Send  resume 
to  HR,  Redsalsa  Technologies, 
Inc.,  13800  Montfort  Dr,  Ste.230, 
Dallas,  TX  75240. 


F/T  Computer  Programmer.  Re¬ 
sponsible  for  analyzing,  modify¬ 
ing  &  implementing  progr.  using 
I  Series,  AS/400  sys.,  and 
RPG/400,  Delphi  and  Java  lan¬ 
guages.  Development  stats, 
adapt  progr.  &  monitor  them. 
Must  have  Bachelor's  degree  in 
Comp.  Science,  Electr.  Engin¬ 
eering,  related  field  or  foreign 
degree  equivalent.  Must  have  3 
yrs.  exp.  in  job  offered  or  a  posi¬ 
tion  w /  same  duties.  Salary: 
Competitive.  Send  resume  to: 
C.  Lesker,  Datatex  TIS,  Inc., 
11810  Northfall  LN,  Bldg.  1203, 
Alpharetta,  GA  30004. 


Infomerica  is  looking  for  sys¬ 
tem  analysts,  DBA,  software 
engineers  &  consultants  work¬ 
ing  at  different  sites  (travel 
maybe  required).  Require  min. 
MS/BS  with  related  IT  exp. 
Good  salary  with  full  benefits. 
We  sponsor  H1B  &  Green 
Card.  Send  resumes  to 
info@infomericainc.com  EOE. 

Software  Engineers  &  System 
Analysts:  develop  new  ISO 
processor  interface,  real  time 
online  ATM/POS.  Qualified 
candidates  must  have  at  least 
MS  or  BS  degree  with  exp  in 
XML,  VB,  Socket/TCP.  Apply 
at  Fiserv  GalaxyPlus,  Attn  Liza 
Chism  5600  Crooks  Rd.  Troy, 
Ml  48098.  NO  calls,  EOE. 


Database  Admin  wanted 
by  KINTON,  INC.  in  New¬ 
ark,  NJ.  A  Master's  de¬ 
gree  in  computer  science 
or  related  fields  with  at 
least  two  years  experi¬ 
ence  in  all  phases  of  data¬ 
base  administration,  rela¬ 
tional  database  design, 
databases  application  de¬ 
velopment  &  report  gen¬ 
erating  using  SQL  is 
required.  Fax  resume  to 
(973)  589-7565. 


Cyber  Technology  Group,  Iselin, 
NJ,  needs  experienced  Senior 
Software  Engineers  having  a 
Masters  degree  in  a  quantitative 
discipline  or  in  the  alternative  a 
Bachelors  Degree  in  a  quantita¬ 
tive  discipline  and  five  years  of 
progressive  work  experience  to 
analyze,  code,  design,  develop, 
implement  test  and  troubleshoot 
real  time  software  applications 
using  tools  and  technologies 
such  as  Java,  J2EE,  JavaScript, 
HTML,  ColdFusion,  C,  C++, 
WebLogic  and  Oracle.  Competi¬ 
tive  salary  and  benefits.  M-F,  40 
hours/week.  Please  mail  your 
resume  to  Cyber  Technology 
Group,  HR  Department,  200 
Middlesex  Essex  Turnpike,  Suite 
#  100,  Iselin,  NJ  08830. 


S&R  Professionals  L.P. 

Programmer  Analysts:  Analyze, 
develop,  plan,  integrate,  design 
applications  using  Java,  J2EE 
Technologies,  Websphere,  C++, 
VB/ASP.NET,  XML,  Rational 
Rose  and  EAI  technologies, 
MPEG,  MP3,  WMA,  H264, 
embedded  systems  using 
Oracle/Sybase/SQL.  Req.  Bach¬ 
elor'  Degrees  in  Comp.  Science 
or  related  field  &  2  yrs  of  exp. 
Send  resume  to  H.R.  S&R 
Professionals  L.P.  2825, 
Wilcrest  Dr.,  Ste.  #  112, 

Houston,  TX  77042  or  E-mail: 
prasad@srprofessionals.com 


PROGRAMMER/ANALYST 

Permanent  position  at  Missat 
Consulting.  Exp:  3  yrs. 

Skills:  BroadVision  7.1,  Shuts 
1.1,  IEP,  Publish  Ctr,  UNIX 
Script,  SSJS,  Tiles,  Ant,  JAVA/ 
JSP,  PL/SQL,  Oracle9i,  Web 
publisher,  Documentum,  JUNIT, 
Log4J.  iPlanet,  XML,  Saxon, 
JAXP,  XSLT,  Siteminder,  DCC, 
BV  SRCs  &  BulkLoad,  KM  Load¬ 
er,  BV  ServerMonitor,  Remedy. 

Resp:  Analyze  requirements. 
Design  &  Develop  portals/web¬ 
sites. 

Location:  East  Brunswick,  NJ 
Tel:  877-483-2112 
Fax:  732-210-0251 
Email:  hrd@missat.com 


Trustworthy  Software  seeks 
experienced  Sr.  Software 
Engr.  with  B.Sc.Comp.  Eng. 
or  equiv.  Will  design  and 
develop  secure  middleware 
and  network  protocol  for 
Unix/WIN  and  embedded  in 
C++  with  STL/Qt  and  strong 
auth.  (SSL,  RSA,  smart- 
cards).  Will  manage  dev. 
and  doc.  for  defense  and 
banking  products.  Send 
resume  to  3423  Investment 
Bl.,  Ste.  16,  Hayward  CA 
94545,  Attn:  HR 
Microsoft’s Management Software Road Map

Microsoft Operations Manager

■ MOM 2005 SP1: Bug-fix update. Due in second half of this year.

■ MOM v3: Code name for next major release. Due for beta-testing by Technical Adoption Program customers this year; shipment expected in second half of 2006.

Systems Management Server

■ SMS Update (for Software Assurance customers): Adds vulnerability assessment, ability to do third-party software patching. Due first quarter of 2006.

■ SMS v4: Code name for next major version, with a role- and task-based user interface and integrated Network Access Protection. Due in 2007.

Reporting Manager

■ New product for generating reports from data in SMS, MOM and Active Directory. Due for beta release in early May, shipment in the second half of this year.

Capacity Manager

■ New tool for planning deployments of MOM and Exchange Server. Technical Community Preview release available now: Version 1 due later this year.

Data Protection Manager

■ Supports disk-to-disk data backup and recovery. Available now for beta-testing, due for commercial release in the second half of this year.

Windows Server Update Services

■ For patch/software updates. In beta now; due by end of June.


Continued from page 1

Microsoft

one of Microsoft’s two major management products.

Kirill Tatarinov, vice president of Microsoft’s Windows and enterprise management division, said the first fruits of DSI can be seen in the “health models” that are bundled into management packs for Microsoft Operations Manager 2005, which shipped late last year. The models let MOM users compare the performance and availability of applications with their desired baseline levels.

XML-based Model

The System Definition Model, an XML-based document that Microsoft expects to eventually become pervasive in Windows applications, will take the DSI strategy to the next level, Tatarinov said.

SDM can be likened to a shipping manifest that lists the resources on which an application depends, the application’s operational behavior and the manner in which it’s deployed and updated. Currently available in the beta version of Visual Studio 2005 Team System, SDM is due to ship with the product in the second half of the year.

Plans call for Microsoft to bake SDM into its own products. And Tatarinov said the company will make a concerted effort this year — with a special focus at its Professional Developers Conference in September — to encourage other software vendors and corporate developers to build SDM into their applications.

Upcoming versions of MOM and SMS will be able to use the information contained in the SDM documents. For example, a document could inform SMS of how an application needs to be deployed and what components are dependent on it, Tatarinov said.

But Jason Agee, a lead infrastructure systems analyst at the Nebraska Department of Health and Human Services in Lincoln, expressed skepticism about the model-based management approach. He said he will first need to see an example of an environment in which DSI works to be convinced that it can be useful. “A model is only as good as how complete it is,” he said. “I have a feeling it’ll be rocky in the beginning. But as the models improve, I’ll get interested.”

An IT manager at an aircraft manufacturer said she foresees trouble getting the company’s developers to use SDM when they build custom applications. “Microsoft assumes that IT will be able to force standards on application developers,” said the manager, who asked not to be identified. “I’ve been in IT for 20 years, and I haven’t seen it in our world. Somebody’s going to have to embrace this at the top and say, ‘This is the direction we need to go.’ ”

Some IT managers didn’t even see the need to spend time learning about DSI at the conference. “Future dreams and visions don’t matter to me. I’m [all about] where the rubber meets the road,” said a technology adviser at a large oil company who also asked


Microsoft  Drops  System  Center  Integration  Plan 

LAS VEGAS


MICROSOFT last week disclosed the details of a revised plan for its
System Center set of management tools and provided sneak previews of
upcoming versions of both SMS and MOM.

At the Microsoft Management Summit two years ago, the company said it
planned to bundle SMS and MOM together under the name System Center
and enable them to share the same data warehouse for unified reporting.

It  also  outlined  a  second  version 
of  System  Center  that  promised 
deeper  integration  of  the  two 
products  into  a  single  offering. 

But Microsoft scrapped plans for the unified product after customers
said they didn’t want it, according to Kirill Tatarinov, vice
president of Microsoft’s Windows and enterprise management division.
Users tend to have skills in either SMS or MOM and are accustomed to
having distinct products, he said.

“We admitted that we didn’t think it through too well at the
beginning,” Tatarinov said.

Under the new plan, System Center is just the umbrella term for
Microsoft’s family of management products. In addition to SMS and MOM,
Microsoft is due to ship three new products in the second half of the
year: Reporting Manager for creating reports from SMS and MOM,
Capacity Manager for predictive planning of Exchange Server and MOM
deployments, and Data Protection Manager for disk-based backups.

The company plans to release a beta version of Reporting Manager next
month. Tatarinov said that the product integrates data from MOM, SMS
and Active Directory and lets users produce sets of reports.

“Management will eat that up,” said Mike Szymik, workstation support
lead at Harley-Davidson Motor Co. in Milwaukee. He said managers at
the motorcycle maker often ask for reports so they can check the
degree to which the company’s systems are out of compliance with
software patches.

The next version of SMS, code-named v4, will feature security,
usability and configuration management enhancements, said Felicity
McGourty, director of marketing in Tatarinov’s division. Microsoft
expects to ship SMS v4 in 2007, McGourty said.

For example, Microsoft will integrate its Network Access Protection
capabilities to help systems administrators prevent PCs from accessing
corporate resources if they aren’t properly patched. The new SMS will
also be able to do proactive monitoring of variances from a desired
configuration for a system or application, McGourty said.

MOM v3, due in the second half of 2006, will support model-based
management and enable IT administrators to monitor services being
delivered to end users, Tatarinov said. It will also include features
such as a “do it” button to enable IT staffers to quickly act on the
recommended response to an alert, and a role-based interface for
different users, such as a local administrator, a remote administrator
or an operator.

- Carol Sliwa


not  to  be  identified. 

Peter Pawlak, an analyst at Directions on Microsoft, said that he
doubts corporate developers could or will do anything with DSI until
mid-2007, and that he doesn’t expect “anything that resembles the DSI
vision” for corporate applications until 2008.

“I see little in the DSI road map that will help them manage
existing corporate apps better,” he added. “The big
thing  [Microsoft]  needs  to  do 
is  get  developers  in,  because 
there  are  no  developers  at  this 
conference.”  C  53950 


QUESTIONING  MICROSOFT 

In  this  issue:  Microsoft's  Jim  Allchin 
discusses  the  company's  Longhorn 
operating  system  plans.  Page  19 

More  online:  Visit  our  Web  site  to  read  an 
interview  with  Microsoft's  Kirill  Tatarinov: 

QuickLink  53905 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


Patently  Fair 

AT LONG LAST, the U.S. Congress has taken up the controversial issue
of software patents. Last week, a draft of new legislation was
publicly circulated, and a congressional subcommittee held the first
hearings on the proposed law, whose primary purpose appears to be —
wait, you may want to sit down for this. Its primary purpose seems to
be to save Microsoft a half-billion dollars.

Is that unfair? Well, maybe. Let’s say that one of the proposed law’s
purposes is to overturn Eolas v. Microsoft, the lawsuit in which a
jury in 2003 awarded $521 million to a company that said Microsoft
infringed on its software patents.

What,  you  thought  patent  reform  was  going  to  be  good  for  you? 


Actually, it might be. Right now, software patents are one of the
biggest intellectual-property pain points in the IT industry. And the
pain pretty much crosses the usual divides. Big proprietary software
vendors, open-source developers and even individual corporate IT shops
have to worry about infringing someone else’s software patents.

And because of the way the system is currently set up, it’s impossible
to be sure that software doesn’t infringe a patent. Patents aren’t
like copyrights, where you infringe by copying someone else’s work.
With patents, you can infringe even if you think you invented a
technology yourself. You may never have seen the invention whose
patent you’ve infringed.

In  fact,  you’re  likely  not  to  have  seen  it,  since 
patent  applications  currently  aren’t  published 
while  the  U.S.  Patent  and  Trademark  Office  is 
examining  whether  a  patent  should  be  issued. 

That means software developers are working in the dark, hoping they
won’t run afoul of patents they don’t know exist. And if a patent is
infringed, the patent holder pretty much has the infringer over a
barrel. No wonder so many people have lined up against them.

Of course, some of the people lined up against them also favor
software patents. Case in point: Microsoft. The company likes some
software patents, especially the ones it owns. It hates other software
patents, particularly the ones belonging to companies like Eolas
Technologies that have been used to hammer Microsoft with lawsuits
over the past few years.


So Microsoft has lobbied hard for patent law changes. So have the
Intellectual Property Owners Association, the Business Software
Alliance and other groups, each with a slightly different agenda. The
proposed law has a little something for everyone — especially
Microsoft.

But that’s not all bad. Under the draft legislation (which, remember,
is a long way from being law), it will be harder to prove that a
software invention deserves a patent and easier to challenge the
patent once it’s issued. Damages will be limited. It will be harder to
get an injunction that stops an accused infringer from selling its
products. And all patent applications will be published once they’ve
been in the pipeline for 18 months.

There’s  also  specific  language  tailored  to 
overturn  Eolas  v.  Microsoft  and  eliminate  any 
chance  that  Microsoft  will  have  to  pay  that 
$521  million.  Some  surprise,  huh? 

The one thing the new legislation won’t change is the existence of
software patents in the U.S. This version of patent reform pretty much
ends any hope that Congress will get rid of software patents.

We’ve  had  them  for  more  than 
20  years  now,  since  a  U.S.  Supreme 
Court  decision  in  1981.  They’ll  still 
be  a  problem  for  software  vendors. 

But  the  proposed  law  really 
could  help  clean  up  the  process 
and  limit  uncertainty  for  software 
developers.  They’ll  have  a  fighting 
chance  of  avoiding  software  patent 
infringement.  That  should  be  good 
for  everyone  working  on  software. 

Even  you.  And,  yes,  especially 
Microsoft.  O  53929 


FRANK HAYES, Computerworld’s senior news columnist, has covered IT for
more than 20 years. Contact him at frank.hayes@computerworld.com.


Because  They’re  Servers! 

Pilot fish has already been through a detailed data-security audit for
all 100 of the Windows servers in his care. Then the Sarbanes-Oxley
auditor asks for a list of network protocols installed on the servers.
Next comes this one: “If any of these services or protocols are
enabled for normal business operations, I need to obtain an
explanation: Remote Access Service, TCP/IP, NetBIOS, NetBEUI...”


Just Because

New employee calls support pilot fish the first time he tries to work
from home. His complaint: He can’t see anything on the company’s
network. “After playing 20 questions, I discovered he hadn’t
established a VPN connection first,” fish says. “His response? ‘I
don’t have to do that at the office. Why should I have to do it at
home?’”

Tag,  You’re  It 

My PC says “boot device failure” when I start it, remote user tells
pilot fish. “I asked the user to find and send me the service tag of
the machine,” fish says. “That is, to e-mail me the number. A few days
went by and I hadn’t heard a thing. Then the mail arrived: Sure
enough, in an overnight FedEx envelope was the physical tag peeled
from the system, sent right to me!”

Hardware  Fix 

Frustrated user calls the help desk about a monitor that’s flickering
badly. “It’s impossible to work with this flicker, especially on sunny
days, and it starts around 1 p.m.,” user says. Pilot fish visits
user’s cube, surveys the scene, then turns off the fan standing next
to user’s monitor - and the flicker goes away.

Super 

My  Caller  ID  is  wrong, 
new  hire  tells  help  desk 
pilot  fish.  “Since  I  had 
set  her  up  initially,  I 
knew  everything  was 
working  correctly,  so  I 
went  up  to  see  her,”  fish 
says.  “She  pointed  to 
the  display  on  her  phone 
and  told  me  that  her 
name  wasn’t  Mario,  it 
was  Sarah.  I  explained 
that ‘Mario’ was actually
the date - MAR 10. All
her  new  colleagues  now 
call  her  Mario.” 

Useless  Case 

Developer pilot fish’s team is working on a large financial system, so
they decide to do a use-case study. “The idea was that users could
give us the inside scoop on what they’re inputting and what it means,”
fish reports. “We went to our first user and asked him to explain the
screen to us. He said, ‘Look. I take this number here on this paper
and type it into the little box on this screen.’ What is the number
used for? we asked. ‘Like I said, I take this number from this
paper . . .’ ”
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©TAKE  YOUR  TRUE  TALE  of  IT  life  and  type  it  in  a 
message to sharky@computerworld.com. You’ll
snag a snappy Shark shirt if I use it. And check out the daily
feed, browse the Sharkives and sign up for Shark Tank
home delivery at computerworld.com/sharky.
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IT  security  is  a  moving  target.  The  systems 
and  processes  you  relied  on  yesterday  may 
not  provide  the  protection  you  need  today. 

But  we  can.  Insight  offers  the  leading 
security technology essentials — firewalls,
virus protection, appliances — with an expert
security  team  to  help  you  identify  and  address 
issues  throughout  your  business.  Our  security 
specialists  offer  resources  and  services  such 
as  remote  and  onsite  assessments  and 
monitoring  to  help  you  proactively  plan 
and  Secure  IT  with  confidence. 


CASE  STUDY: 

A  HIPAA  Hospital  Diagnosis 

Facing  important  HIPAA  compliance  deadlines,  a 
regional  hospital  in  the  Southwest  turned  to  Insight 
for  help.  The  hospital  wanted  an  outside  review  to 
ensure  its  systems  could  pass  the  test.  Diagnosing 
everything  from  data  backup  and  virus  protection  to 
Web  and  facility  security,  Insight’s  Secure  IT  Remote 
Risk  Assessment  identified  important  issues,  prioritized 
risks  and  proposed  solutions  to  solve  them.  Armed 
with  this  information,  the  IT  team  can  now  focus  its 
efforts  to  realize  HIPAA  data  security  compliance. 
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Source  Code:  AD021 



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